Pentagon unveils its new cyberstrategy. Well, some of it, anyway.
The Pentagon – belatedly, perhaps – outlines its 'Strategy for Operating in Cyberspace.' A slim unclassified document emphasizes a defensive posture, leaving many questions unanswered.
(Page 3 of 3)
Weapons like Stuxnet, the world's first-publicly confirmed piece of weaponized software that some have called a “digital guided missile” was discovered last year to have hammered Iran’s nuclear facilities. Nobody knows who developed Stuxnet, even though the US and Israel are high on the list of suspects, many say.Skip to next paragraph
Subscribe Today to the Monitor
The new document doesn’t reference US offensive cyber weapons capability or development, or when such weapons might be used against an adversary. Yet, doctrine and policy regarding such use is a major issue within the cyberpolicy community, some arguing the president should be involved in many, if not most, decisions to deploy such weapons. Still, it’s possible such questions are more directly addressed in a classified version of the cyber document that observers presume exists.
“I didn't see a single new thing here,” says a member of the 2009 National Research Council study of the legality and ethics of using offensive cyberweapons, who asked not to be named. “This so-called strategy is so broadly written that not only is there nothing new in it, parts of this could have been written in the mid-90s – stuff about active defenses, better training, better procurement – it's the same old stuff. It's hard to see how this constitutes a strategy.”
Others agreed there were obvious omissions with no reference to “information operations” – the deployment of digital disinformation – or a new generation of cyberweapons that could take out computer-controlled power grids, refineries, chemical factories and other computer controlled infrastructure, says Dan Kuehl, a professor of information operations at National Defense University, who attended Lynn's speech.
“The reality is this is really a document focused on cybersecurity efforts, which are not unimportant, but it's only one or two slices of the pizza,” Dr. Kuehl says. “Where's the DoD's strategy for the use of cyberspace to influence operations?” he asks, referring to the use of disinformation.
Still, he thought Lynn's speech and the document are unambiguous about the major issue: the military's key role in cyberspace.
“There's been some unhappiness emerging about the idea of militarizing cyberspace,” he says. “But I thought Lynn's speech and the strategy document are right on the mark in trying to just normalize it – driving a gentle stake through the heart of all this concern.
“I mean, give me a break, it has been militarized for two decades just like space. We're just catching up with it.”