Cybersecurity

Why cyber capabilities are more important than strategy

concept cybersecurity art 

Sen. John McCain (R-Ariz.) has not been subtle in his calls over the last year for the U.S. to develop a cyber deterrence strategy, and the Senate's freshly minted 2018 defense bill now directs the Pentagon to create a comprehensive cyber strategy.

The Senate Armed Services Committee report "encourages the new administration to immediately prioritize the development of a cyber deterrence strategy that emphasizes both deterrence by denial and deterrence by consequence imposition."

The draft NDAA outlines a U.S. cyberspace and cyber warfare policy that states "that the United States should employ all instruments of national power, including the use of offensive cyber capabilities, to deter if possible, and respond when necessary, to any and all cyberattacks or other malicious cyber activities that target United States interests…"

But, Eric Rosenbach, former chief of staff to the Defense secretary, told FCW on the sidelines of the July 13 Defense One Tech Summit that the more important provision of the Senate NDAA is the cyber posture review that the DOD must complete by March 1, 2018.

Rosenbach said there is an existing DOD strategy, and that the more immediate concern is making sure U.S. Cyber Command has the capabilities to defend and deter -- and that policies are adjusted to leverage those capabilities.

"It's really important to have the capability first, because the capability is the options that you bring to the secretary of defense or to the president and national security advisor," he said. "Once those options are there, they need to make policy decisions that bolster deterrence and that's where there will probably need to be a shift to a more aggressive posture from a policy perspective."

"I think working on technologies that help with forensics and attribution is really important," he added, saying that attribution is essential to deterrence.

"But when it comes down to it, we have to be more muscular and we need that offensive capability as well and continue to develop that," he said.

Rosenbach said offensive capabilities have matured significantly over the last five years.

"It's very difficult to make hard policy decisions if you don't know that you have capabilities that you can depend on, [that] react the way they are supposed to in cyberspace that you can predict," he said. "So I think now it's at the point where the authorities will not be a problem if you make a good case and can explain how the capabilities are going to work."

On the defensive side, Rosenbach said that while DOD networks are "pretty secure," and the rest of the federal networks are getting better, government needs to focus on making elections infrastructure more robust and helping "campaigns in a way that isn't too onerous that doesn't cross the boundaries of government and politics."

While Rosenbach said the capabilities need to come first, there is no question that the U.S. needs to build up its cyber deterrence posture.

During the summit, Rosenbach expressed serious concern over Russia's efforts to interfere in the U.S. election and its alleged intrusions into U.S. power infrastructure. He said that is a sign of U.S. failure to deter Russia.

"The Russians and a lot of other bad guys think they can get away with putting malware on our grid, manipulating our elections and doing a lot of other bad things, and get away with it because they have," he said.

Rosenbach argued that the U.S. is at risk until it is able to change that perception.

"When there's a strategic scenario in the world when it makes a difference as to the leverage we have on the Russians," he said, "in the back of our minds we'll think, 'well crap, they have malware in our grid and they may use that to do something to us.'"

"It's going to change a major foreign policy decision," he said.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.


Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.