Every few months, like clockwork, the same ritual plays out on Capitol Hill: Top witnesses from DoD, the Department of Homeland Security or elsewhere appear before a committee to talk about cyber-security or cyber-warfare. Lawmakers say, 'well what about this?' or 'what about that?' And the witnesses say: 'We don't know.' For years now, America's national security officials have been trying to figure out this cyber situation; they give answers like 'we'll need a lot of inter-agency cooperation on this' and 'we need to engage with industry on this,' and 'we need to have a discussion about what we'll do if that happens.' The message is always clear: This cyber-business is important, but since nobody owns all of it, nobody can -- or wants to -- take full responsibility.
So it'll be interesting to see what DoD comes up with when it drops its new cyber-strategy, which Stripes' Chris Carroll reports will be coming out sometime soon. A main point, Carroll writes, is that the strategy will codify the view that cyber-warfare is as important a venue as your traditional air, sea, land or space, and there are some other points that have already bubbled up. Writes Carroll:
Besides elevating the status of cyberspace, the strategy calls for: “Active defense” systems for military networks. The systems use “sensors, software and signatures derived from intelligence to stop malicious code before it succeeds.”It's probably wise not to get our hopes up too much about the cyber-strategy. As you read here on Buzz last week, DoD releases reports, reviews and strategies all the time, expecting that they'll make a big splash when they often barely cause a ripple.
Planning and coordination with the Department of Homeland Security. This will ensure that critical civilian infrastructure on which the military also relies is safe from cyber attacks.
Commitment from the Pentagon to work with allies to build international network defenses.
A public-private partnership to secure networks.
While experts say the strategy will leave key points undecided — for instance, which responses are merited for specific types of attack, or how much the Pentagon will participate in defending non-military networks — one thing is clear: Information technology and the Internet are entwined in nearly every facet of military operations, from departmental email to battlefield operations. As a result, every function of the U.S. military is vulnerable in some degree to cyberattack.
What do you think? Can DoD's new strategy improve the odds in the event of a cyber attack? What could?