To get notices of new blogs via email, click here:

Saturday, July 16, 2011

Even the JCS thinks DoD's cyber plan is stupid

The U.S. DoD cyber security game plan is still dedicated to playing defense and only defense, as outlined in yesterday's asinine quote of the day by Deputy Secretary of Defense William Lynn:
"Our strategy's overriding emphasis is on denying the benefit of an attack. Rather than rely on the threat of retaliation alone to deter attacks in cyberspace, we aim to change our adversaries' incentives in a more fundamental way. If an attack will not have its intended effect, those who wish us harm will have less reason to target us through cyberspace in the first place," Lynn said. 
To be fair, you can read the entire Department of Defense Strategy for Operating in Cyberspace by clicking on that link.  One quote on page six of the report (the report has only 13 pages, but that includes a swell cover and a couple of blank pages inside, obviously added to give this lightweight tome some badly needed gravitas) says it all. But to be unambiguous, I'll write what they said and then edit it the way it should have been written:

“Defending against these threats to our security, prosperity, and personal privacy requires networks that are secure, trustworthy, and resilient.”
My rewrite would read as follows:
“Defending against all threats to our cyber security requires a deterrent strategy that promises assured and disproportionate cyber retaliation.” 
As I said on May 14th, game theory demands more than just playing defense.

Evidently General James E. Cartwright, vice chairman of the Joint Chiefs of Staff, agrees. As reported in Thursday's New York Times:
“If it’s O.K. to attack me, and I’m not going to do anything other than improve my defenses every time you attack me, it’s very difficult to come up with a deterrent strategy,” General Cartwright told reporters on Thursday.
I'll bet General Cartwright turned the air blue with invective when he read the deputy defense secretary's comment about "denying the benefit of an attack." Gosh I'd love to have been a fly on the wall.

No comments:

Post a Comment

Implementation suggestions for THE MORGAN DOCTRINE are most welcome. What are the "Got'chas!"? What questions would some future Cyber Privateering Czar have to answer about this in a Senate confirmation hearing?