WASHINGTON, July 18, 2011 – The Defense Department announced late last week a plan to proactively deal with cyber intrusions through a collaborative buildup of civilian and military network defenses.
The DoD Strategy for Operating in Cyberspace (DSOC) is the first unified strategy for conducting operations in cyberspace between the Defense Department’s military, intelligence and business operations. The DoD is coordinating its cyber security efforts with the Department of Homeland Security and private companies responsible for maintaining critical infrastructure through threat information sharing and more robust network protection. The program is called Defense Industrial Base (DIB) Cyber Pilot.
“In the DIB Cyber Pilot, the U.S. government is not monitoring, intercepting, or storing any private sector communications,” said Deputy Secretary of Defense William Lynn in a speech on the cyber strategy delivered at National Defense University (NDU) at Ft. McNair in Washington, D.C.
“Rather, threat intelligence provided by the government is helping the companies themselves, or the internet service providers working on their behalf to identify and stop malicious activity within their networks.”
The thrust of the strategy - the DoD’s answer to the Obama administration’s cyber strategy proposal, released earlier this year – recognizes the interconnectedness of the Internet and develop active defenses without militarizing what is primarily a civilian space. The anonymous nature of the Internet makes the threat of a physical response to disruptive cyber intrusions problematic when the military does not know which way to point its guns.
“A missile comes with a return address, a cyber attack does not,” said Lynn.
The announcement has been eagerly anticipated ever since a defense official was quoted in May in the Wall Street Journal saying that a cyber attack on critical infrastructure can constitute as an ‘act of war’ and would be possibly be met with a physical military response.
Those in the midst of the battle, however, understand that cyber- and conventional warfare are different animals.
“One good thing about our new cyber strategy is that it recognizes the cyber domain is unique, in that it’s man-made and largely privately owned, creating unique issues that require some new thinking,” said Col. Gary Brown, Staff Judge Advocate at U.S. Cyber Command.
“Collective international cooperation and action are going to be required for us to protect DoD systems that rely on the Internet to function. Early warning and speed of response are going to be keys to effective cyber action,” said Brown.
Chandra Tamirisa, Founder and CEO of Transformations LLC, a technology consultant firm, commented on the strategy and said that the U.S. government, via the National Security Agency, should do more and build what would liken to an electronic moat around U.S. networks that would legally surveil incoming and outgoing information.
“The U.S. needs a perimeter defense,” said Tamirisa.
