BIRMINGHAM – William Lynn,the US Deputy Secretary of Defense wrote the most succinct description of the US Pentagon Cyberstrategy yet in the September/October issue of Foreign Affairs. Here are the good, the bad, and the ugly components of that strategy.
The good. Lynn begins by acknowledging successful cyber attacks against the US military, in particular the intrusion via USB thumb drives that occurred in the fall of 2008. This intrusion led to the Pentagon making an unprecedented move to ban USB thumb drives from the military; a ban that was only rescinded in February 2010. The cleanup effort to recover from the widespread worm infection, that Lynn claims was initiated in a Mideast base by foreign agents, was dubbed Operation Buckshot Yankee (OBY) in the Defense Department and Operation Rampant Yankee in the Army.
Lynn also states: “To stay ahead of its pursuers, the United States must constantly adjust and improve its defenses.” This is an important acknowledgement and reflects the state of cyber defense for every organization. There is no single technology solution to be deployed that will counter all threats and even the latest and greatest technology will not defend against tomorrows attack methodologies.
Deterrence has been the subject of many recent reports coming from think tanks and cyber commissions. Most have taken the view that cyber offensive or retaliatory measures must be in place to deter assailants. I like Lynn’s take:
“deterrence will necessarily be based more on denying benefit to attackers than on imposing costs through retaliation.”
In other words, a strong defense is the best cyber defense.
Lynn also addresses the issue of international cooperation: “If there are to be international norms of behavior in cyberspace, they may have to follow a different model, such as that of public health or law enforcement.” Agree.
I can find no fault with Lynn’s summary:
“The principal elements of that strategy are to develop an organizational construct for training, equipping, and commanding cyberdefense forces; to employ layered protections with a strong core of active defenses; to use military capabilities to support other departments’ efforts to secure the networks that run the United States’ critical infrastructure; to build collective defenses with U.S. allies; and to invest in the rapid development of additional cyberdefense capabilities. The goal of this strategy is to make cyberspace safe so that its revolutionary innovations can enhance both the United States’ national security and its economic security.”
To read the Bad and Ugly, click on ThreatChaos.Com
a>>
