DOD cyber defense plan draws fire

Critics say the plan revives many familiar, unfulfilled goals.

In announcing its latest plan to improve the security of military and related mission-critical networks in the public and private sectors, the Defense Department dutifully acknowledged once again that cyberspace is a new domain in which it must defend the United States and its vital interests.

But cyberspace is unlike any other battlefield the Pentagon has encountered before, and the military is clearly struggling to develop operational ground rules for this complicated new domain where the lines are often fuzzy between DOD and civilian activities, war and peace, and the good guys and the bad guys.

The difficulty of the task for DOD officials is evident in just how messy and prone to criticism the process of creating a cybersecurity policy has become. However, there is little doubt that a strategy is crucial. At the July 14 press conference for the plan’s unveiling, Deputy Secretary of Defense William Lynn also disclosed that in March, a “foreign intruder” was able to steal 24,000 files pertaining to cutting-edge weapons systems from the network of a defense contractor.

As an illustration of the messiness, the vice chairman of the Joint Chiefs of Staff, Marine Gen. James Cartwright, made the unusual move of publicly criticizing the plan’s defensive orientation hours before Lynn officially released it.

"We’re on a path that is too predictable, way too predictable," Cartwright told reporters. "It’s purely defensive. There is no penalty for attacking us now. We have to figure out a way to change that."

Cartwright deserves at least a tongue lashing for so publicly undermining a superior and a tutorial on the difficulty of determining with any certainty whom to punish when U.S. networks are attacked, writes Wayne Rash in eWeek.

Sorting out the complex issues and ambiguity that characterize the context for cyberspace rules of engagement is not easy. Back when many military leaders began their careers, defense experts divined an adversary’s intentions in part by counting tanks, planes and ships in satellite photos, and leaders could more easily assign culpability for an attack before weighing how to retaliate.

In the cyber arena, it is much more difficult to ascertain intentions and capabilities and, likewise, to define what constitutes an attack, how to retaliate if one happens, and whom and what to retaliate against (a hacker’s home, a government ministry building, a Web-hosting facility in another, uninvolved country?).

Hyperbole about cyber war doesn’t help clarify the discussion, writes James Lewis, a senior fellow at the Center for Strategic and International Studies. He said that despite the apparent abundance of state-sponsored hacking as judged from recent press accounts, “only by adopting an exceptionally elastic definition of cyberattack can we say they are frequent.” Nevertheless, Lewis said, defense officials are rightfully trying to better understand and plan for a world in which true cyberattacks will become more common.

There are also constitutional issues raised by the notion of the military routinely patrolling an environment used every day by the general public and businesses. Declan McCullagh, writing in CNet’s "Privacy Inc" blog, said concerns about the civil liberty implications of DOD's new cyber plan aren’t without some justification because the power to monitor civilian networks for bad behavior includes the ability to monitor them in general.

“The resolution of privacy concerns is likely to depend on the details, including whether the military merely provides recommendations to network operators in the private sector — or if it instead wants authority and oversight,” McCullagh writes.

If there were easy ways to secure cyberspace, the Pentagon probably could have nailed down many of the specifics years ago. Yet some experts say DOD’s new plan proposes many of the same difficult-to-achieve and still-unfulfilled solutions, such as building better public/private partnerships to secure critical infrastructure, writes Nancy Gohring for the IDG News Service.


The 5 pillars of cyber defense

The Defense Department’s new strategy for securing cyberspace is organized around five key initiatives:

  • Establish cyberspace as an operational domain — like air, sea, land and space — and organize, train and equip forces accordingly to perform cyber missions.
  • Adopt new operating concepts for networks, including active defenses that use sensors, software and signatures.
  • Partner with the private sector and other government agencies to protect critical infrastructure — particularly the Homeland Security Department, which is responsible for protecting civilian networks.
  • Strengthen collective cybersecurity in coordination with U.S. allies and other international partners.
  • Capitalize on the United States' technological and human resources through an exceptional cyber workforce and rapid technological innovation.

Source: "Department of Defense Strategy for Operating in Cyberspace," July 2011

NEXT STORY: Minnesota lawmakers strike a deal

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.