Cybersecurity

Why cyber capabilities are more important than strategy

concept cybersecurity art 

Sen. John McCain (R-Ariz.) has not been subtle in his calls over the last year for the U.S. to develop a cyber deterrence strategy, and the Senate's freshly minted 2018 defense bill now directs the Pentagon to create a comprehensive cyber strategy.

The Senate Armed Services Committee report "encourages the new administration to immediately prioritize the development of a cyber deterrence strategy that emphasizes both deterrence by denial and deterrence by consequence imposition."

The draft NDAA outlines a U.S. cyberspace and cyber warfare policy that states "that the United States should employ all instruments of national power, including the use of offensive cyber capabilities, to deter if possible, and respond when necessary, to any and all cyberattacks or other malicious cyber activities that target United States interests…"

But, Eric Rosenbach, former chief of staff to the Defense secretary, told FCW on the sidelines of the July 13 Defense One Tech Summit that the more important provision of the Senate NDAA is the cyber posture review that the DOD must complete by March 1, 2018.

Rosenbach said there is an existing DOD strategy, and that the more immediate concern is making sure U.S. Cyber Command has the capabilities to defend and deter -- and that policies are adjusted to leverage those capabilities.

"It's really important to have the capability first, because the capability is the options that you bring to the secretary of defense or to the president and national security advisor," he said. "Once those options are there, they need to make policy decisions that bolster deterrence and that's where there will probably need to be a shift to a more aggressive posture from a policy perspective."

"I think working on technologies that help with forensics and attribution is really important," he added, saying that attribution is essential to deterrence.

"But when it comes down to it, we have to be more muscular and we need that offensive capability as well and continue to develop that," he said.

Rosenbach said offensive capabilities have matured significantly over the last five years.

"It's very difficult to make hard policy decisions if you don't know that you have capabilities that you can depend on, [that] react the way they are supposed to in cyberspace that you can predict," he said. "So I think now it's at the point where the authorities will not be a problem if you make a good case and can explain how the capabilities are going to work."

On the defensive side, Rosenbach said that while DOD networks are "pretty secure," and the rest of the federal networks are getting better, government needs to focus on making elections infrastructure more robust and helping "campaigns in a way that isn't too onerous that doesn't cross the boundaries of government and politics."

While Rosenbach said the capabilities need to come first, there is no question that the U.S. needs to build up its cyber deterrence posture.

During the summit, Rosenbach expressed serious concern over Russia's efforts to interfere in the U.S. election and its alleged intrusions into U.S. power infrastructure. He said that is a sign of U.S. failure to deter Russia.

"The Russians and a lot of other bad guys think they can get away with putting malware on our grid, manipulating our elections and doing a lot of other bad things, and get away with it because they have," he said.

Rosenbach argued that the U.S. is at risk until it is able to change that perception.

"When there's a strategic scenario in the world when it makes a difference as to the leverage we have on the Russians," he said, "in the back of our minds we'll think, 'well crap, they have malware in our grid and they may use that to do something to us.'"

"It's going to change a major foreign policy decision," he said.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.


Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.