During Congressional testimony on Wed 10 June, LTG Keith Alexander, Director of NSA and Cdr of the JFCC-NW, called for a robust response to any cyber intrusion.  He said quite plainly that we needed a “Monroe Doctrine” for cyber.  This is quite a statement.

One wonders if the DirNSA is merely running a flag up to see who salutes, or if he is serious.  Such a statement has several implications. One, it seems to mean that he thinks we already have the capabilities to back up such a policy. Two, it implies that we have the forensic capabilities to determine against whom to strike. The third is that it borders on a declaratory policy that we will strike back against cyber intrusions, something we have not stated before.

An alternate and far less thought provoking explanation if that Alexander is merely using hyperbole to make the point that cyber security IS vitally important, and we need to take it very seriously.  If this is the case, he should avoid such colorful but inflammatory statements.  They can be misinterpreted by others.

Hopefully, in the future we will have the kind of assets that would allow the President to at least consider such a policy, but most experts do not believe they presently exist in a form that is sufficiently precise to use as a back up for a Monroe Doctrine.  Many believe we should never beat our chests, as this is seldom profitable in international relations.  We definitely shouldn’t beat our chests if we cannot execute the threat.

Offensive capability is a key to deterrence.  We need it, and the sooner we have the option of verifiable attribution and precise retribution, the sooner many cyber threats will lessen (not go away, but lessen).  That day is not here.  Therefore, we need to continue to develop active, agile, defenses that go beyond building higher, thicker “walls”, and adaptive, resilient networks that can adjust to assaults and continue to function.

Thanks General for the thought, but I am not sure you should have said it.

Dr. Steven Bucci is director of the Allison Center for Foreign Policy Studies at The Heritage Foundation. He was previously a lead consultant to IBM on cyber security policy. Bucci’s military and government service make him a recognized expert in the interagency process and defense of U.S. interests, particularly with regard to critical infrastructure and what he calls the productive interplay of government and the private sector. Read More
  • Vic Winkler

    Attack and Defend are complimentary sides of the same problem space. They must both be supported by the same kinds of activities in most cases. It is beneficial to view cyber operations with a background in C2W. A quick overview of this can be found here: