Tuesday, May 31, 2011

WSJ: Cyber attack an "Act of War"

In one sense, today's top-of-the-fold/front-page Wall Street Journal story brings us one step closer to The Morgan Doctrine. Unfortunately, the direction taken by the Defense Department is seriously flawed in several respects:

  1. "The strategy will also state the importance of synchronizing U.S. cyber-war doctrine with that of its allies…" This least-common-denominator approach to doctrine is just plain silly. I predict the outcome will provide no real deterrent to criminal cyber adventures. Furthermore, it's irrelevant whether an attack is launched by a criminal enterprise or it is motivated by tacit approval from a foreign government who wants plausible deniability in their "test" of our defenses. We need one doctrine of overwhelming response to ANY attack.
  2. The word "equivalence" appears in the doctrine, implying "proportional response." My assertion is that the threat of overwhelming and disproportionate response is the only workable deterrence. 
  3. "Pentagon officials believe the most-sophisticated computer attacks require the resources of a government." Translated, "Our Beltway Bandit buddies need to be reassured that the big contracts will keep on sloshing their way." Pure balderdash! The whole idea of The Morgan Doctrine is to monetize cyber security as to feed the federal till, not tap into it with the same control-from-the-top mentality that gridlocks all political processes.
In the same issue of the WSJ, Lockheed and PBS attacks illustrate the futility of centralized cyber command and control. What we truly need are licensed and bonded cyber privateers who can sell insurance policies to the likes of Lockheed, PBS and dear old Sony. Let market forces cull the cyber criminal herd.

No comments:

Post a Comment

Implementation suggestions for THE MORGAN DOCTRINE are most welcome. What are the "Got'chas!"? What questions would some future Cyber Privateering Czar have to answer about this in a Senate confirmation hearing?