Back in April 17, 2002, DoD executives established U.S. Northern Command (NORTHCOM) as part of the changes brought about by the Unified Command Plan. NORTHCOM is responsible for homeland defense and also serves as head of the North American Aerospace Defense Command (NORAD), a U.S.-Canada command. Last week I heard NORTHCOM's Commander -- General Victor Renaut's address at the Atlantic Council meeting. In his remarks and in the questions that followed he addressed the threat of cyber attacks.
The most important point of his remarks came when he stated the United States must move in "anticipation of the threat" rather than reacting to cyber attacks as we are today. Secondly, he acknowledged how difficult it is to determine whether an attack on a nation's cyber infrastructure is an act of war. He went on to say: "We have not yet defined what that (referring an act of cyber war) is and he noted "That's a policy decision that has to be made."
This clearly articulated the need to develop a "Cyber Warfare Doctrine" that is used beyond the United States and agreed upon by the United Nations and NATO. Earlier this year I authored such a doctrine and was able to publish a redacted summary version in issue #56 of International Intelligence Magazine. An extended summary with sensitive security information can be viewed here.
As efforts continue to pull together all the pieces of President Bush's classified cyber security program, (now estimated at $30 billion) the greatest challenges may be the multi-nation approach and the fact that the U.S. government and the high tech industry have to work together to address this growing threat. The tenets for cyber warfare must be developed and integrated into a flexible framework for decision making about this new method of warfare that military leaders have called the most significant threat of the 21st century.