"With little fanfare, the Pentagon is putting the finishing touches on a
new strategy that will treat cyberspace as a domain of potential warfare
-- and apply instant "active defense" to counterattacks that, in
theory, could shut down the nation's transportation and commerce.
Even though it deals with a distinctly 21st-century problem, the
strategy has echoes of the Cold War: America's closest allies would be
drawn into an early-warning network of collective cybersecurity; private
industry would be mobilized in a kind of civil defense against
attackers; and military commanders would be given authority to respond
automatically to electronic invaders.
In place of "massive retaliation" against attackers whose country of
origin may be unclear, the strategy proposes an alternative concept of
deterrence based on making America's infrastructure robust and redundant
enough to survive any attack. The Department of Homeland Security would
oversee this hardening of infrastructure, with help from the National
Security Agency.
William J. Lynn III, the deputy secretary of defense, explained the new approach, known as "Cyberstrategy 3.0" within the
Pentagon, in an interview this week and in an article that appears in
the new issue of Foreign Affairs. The formal policy should be completed
by December, he said; meanwhile, the Pentagon's new "Cyber Command" will have responsibility for "active
defense" starting Oct. 1.
Lynn's proposals are provocative. But the strategy could be costly and
perhaps cumbersome, and it involves threats that aren't well understood
by the public -- even by many of the companies that could be targets of
attacks. So the first order of business should be more public
information: Everyone needs to understand the risks of attack, and the
costs and benefits of mobilizing against it.
Talking with Lynn, I was struck by the gap between the way defense
experts see cyberspace -- as a source of potentially crippling assault
-- and the public's view of an Internet that is a generally benign
companion. Although Lynn speaks of cyberspace as a "domain" that can be
protected, such as airspace, it may be closer to the oxygen we breathe.
The Pentagon is already recruiting allies on cybersecurity. Lynn has
shared ideas with America's longtime partners on signals intelligence --
Britain, Canada and Australia. He plans to meet with a wider circle of
NATO allies next month. One topic will be surveillance against
cyberattacks -- a sort of Internet version of the old "DEW Line" radar
network or the undersea listening devices that monitored Soviet
submarines.
Lynn's defense scheme would be "part sensor, part sentry, part
sharpshooter." The first two are noncontroversial, but I asked him what
he meant by "sharpshooter." He explained that if Cyber Command detected
an incoming attack, it would instantly "quarantine the malicious code"
by "diverting it into a place where it would be harmless." The
challenge, he said, was to stop the attack without doing "collateral
damage," such as disrupting global commerce.
Lynn wouldn't talk much about America's offensive weapons in cyberspace,
except to say that "we have developed a wide range of capabilities."
The United States is probably more vulnerable to such attacks than other
countries because our economy is more wired. But Lynn rejected the idea
of banning cyberweapons, through a new version of arms control, because
it would be so easy for others to cheat.
In cyberplanning, the phrase "military-industrial complex" has special
resonance. Since at least 2007, the Pentagon has been informing defense
contractors about hostile penetrations of their networks. This has
evolved into the "Enduring Security Framework," a partnership that
includes CEOs of many of the big technology and defense companies. Lynn
said the Pentagon is working with contractors to protect their systems
from cyberattack.
An intriguing aspect of cyberstrategy is that it turns "globalization"
inside out. A U.S. laptop maker that once would have boasted that its
components were assembled in 50 countries must now worry about 50 points
where an intruder could plant malicious code. The Defense Department
calls this problem "supply chain vulnerability." Lynn said he hopes
companies will monitor their plants and suppliers to reduce the risk
that products sent to the United States are contaminated, but he
conceded that "you can't build everything inside a fence."
In the debate about cyberstrategy, I hope officials will recognize the
dangers of militarizing the global highway for commerce and
communication. Of course we want to protect ourselves against threats.
But as with human viruses, hostile computer bugs will evade our best
efforts at quarantine. A new (and expensive) obsession with
cybersecurity is not what this traumatized country needs."
[Note: Source: David Ignatius, "Pentagon's cybersecurity plans have a Cold War chill", at Washington Post, 26 Aug 010. Sad how the Obama and Bush regimes had/have the same imperial/totalitarian/capitalist mindsets. Let's manufacture a threat so we can clamp down AND make a fortune off it! Change our policies so we have fewer enemies? That's giving in to the terrists [sic]! Too bad the Post buys into 99% of it ... (tip o' the cap to Ed)]
