US Deputy Secretary of Defense William Lynn offers a sketch of defense thinking about cyber issues in the current issue of Foreign Affairs. The article has generated much buzz because of its reference to a 2008 compromise of classified military networks that began with malicious code delivered by a ubiquitous flash drive, which Lynn characterized as the most significant breach of military computers ever.
In thinking about cyberwarfare, Secretary Lynn offers the following observations:
- Cyberwarfare is asymmetric. "A dozen determined computer programmers can, if they find a vulnerability to exploit, threaten the United States' global logistics network, steal its operational plans, blind its intelligence capabilities, or hinder its ability to deliver weapons on target."
- The offense has the upper hand. "The U.S. government's ability to defend its networks always lags behind its adversaries' ability to exploit U.S. networks' weaknesses."
- Traditional deterrence models do not apply. "Deterrence will necessarily be based more on denying any benefit to attackers than on imposing costs through retaliation."
- Cyberthreats are not just military ones. "Hackers and foreign governments are increasingly able to launch sophisticated intrusions into the networks that control critical infrastructure."
- Intellectual property is vital to national security. "As military strength ultimately depends on economic vitality, sustained intellectual property losses could erode both the United States' military effectiveness and its competitiveness in the global economy."
With this in mind, Secretary Lynn offers some principles to develop a strategy for cyberspace.
- Cyberspace is a new domain of warfare. "It has become just as critical to military operations as land, sea, air, and space. As such, the military must be able to defend and operate within it."
- Active defense is essential. "The National Security Agency has pioneered systems that, using warnings provided by U.S. intelligence capabilities, automatically deploy defenses to counter intrusions in real time."
- Information sharing is key among commercial, government and international partners. "In partnership with the Department of Homeland Security, Cyber Command also works closely with private industry to share information about threats and to address shared vulnerabilities."
Given that private networks dominate cyberspace, Secretary Lynn does acknowledge the challenges of de-conflicting responsibility in cyberspace. While the new CYBERCOMMAND can consolidate control and operations of military networks, it is up to the Department of Homeland Security to defend the .gov and .com domains. He did hint that maybe the military should extend its coverage outside the .mil domain, but this creates a host of legal and privacy challenges. It may also represent a new area where the Department of Defense creeps beyond its traditional boundaries.
These views are my own and do not represent any official position.