During Congressional testimony on Wed 10 June, LTG Keith Alexander, Director of NSA and Cdr of the JFCC-NW, called for a robust response to any cyber intrusion. He said quite plainly that we needed a “Monroe Doctrine” for cyber. This is quite a statement.
One wonders if the DirNSA is merely running a flag up to see who salutes, or if he is serious. Such a statement has several implications. One, it seems to mean that he thinks we already have the capabilities to back up such a policy. Two, it implies that we have the forensic capabilities to determine against whom to strike. The third is that it borders on a declaratory policy that we will strike back against cyber intrusions, something we have not stated before.
An alternate and far less thought provoking explanation if that Alexander is merely using hyperbole to make the point that cyber security IS vitally important, and we need to take it very seriously. If this is the case, he should avoid such colorful but inflammatory statements. They can be misinterpreted by others.
Hopefully, in the future we will have the kind of assets that would allow the President to at least consider such a policy, but most experts do not believe they presently exist in a form that is sufficiently precise to use as a back up for a Monroe Doctrine. Many believe we should never beat our chests, as this is seldom profitable in international relations. We definitely shouldn’t beat our chests if we cannot execute the threat.
Offensive capability is a key to deterrence. We need it, and the sooner we have the option of verifiable attribution and precise retribution, the sooner many cyber threats will lessen (not go away, but lessen). That day is not here. Therefore, we need to continue to develop active, agile, defenses that go beyond building higher, thicker “walls”, and adaptive, resilient networks that can adjust to assaults and continue to function.
Thanks General for the thought, but I am not sure you should have said it.