It is hard to tell how prepared the Pentagon is for cyber war due to secrecy, but there are a wide array of factors other than military readiness that contribute to vulnerability.
It may not be news that the cyber domain is perhaps the most vulnerable point for U.S. defenses, but when the former top commander in Afghanistan says we're not ready for cyber war, it reinforces the quandary facing the U.S. military, civilian agencies and the private sector alike.
Military-wise, it is hard to tell how prepared the Pentagon is for cyber war – information is tightly locked down under high-level classifications – but there are a wide array of other mitigating factors that contribute to vulnerability, according to Gen. Stanley McChrystal, former commander of U.S. and international forces-Afghanistan.
"I don’t think we're prepared for the future because I think it's almost impossible to be," McChrystal said Oct. 29 at an event held by SAP National Security Services in Falls Church, Va. "In the case of cyberspace, I think our big problem is that we are going to try to balance the amazing capacity to monitor and control, with the desire of people to have privacy, freedom of action, freedom of communication. That’s going to be a very careful balance, and we're going to get stuck a few times."
When asked about his thoughts on cyber warfare, McChrystal did not specifically mention the National Security Agency or its chief, Gen. Keith Alexander, but he alluded to ongoing controversy over NSA surveillance activities and pointed out that successfully weighing civil liberties against the terror threat is a pressing challenge happening in real time.
"Al Qaeda used the Internet incredibly effectively against us, and the more open it is, the more they'll do that. But there's that balance to find between what you're able to do and what people are willing to accept," he said. "We're seeing that play out in the papers today."
A day later Alexander spoke at a Bloomberg Government event Washington, and while most of his time was spent discussing the NSA, he also emphasized what he characterized as priorities in U.S. cyber defense. Among them were calls for a more defensible architecture, better threat-sharing information and continued transition to "a thin, virtual cloud" that allows rapid response to potential threats.
"A mistake in cyberspace means that the adversary has a chance of getting into our networks," Alexander said. Action "can't be at the speed of people; it has to be at the speed of the network."