Given the flurry of recent cyber attacks and the significant attention these issues have generated of late, I had high expectations for a forward-leaning DoD Cyber Strategy. Unfortunately I was underwhelmed. Thus my colleague Sharon Cardash and I penned a commentary for Nextgov that I thought might be of interest to our Security Debrief readers. An excerpt is below.
Commentary: Defense Cyber Strategy Avoids Tackling the Most Critical Issues
Summer in Washington is not usually the time when major news breaks. This year is proving the exception as lawmakers and the White House struggle with the debt ceiling. Amid this economic activity, the Defense Department on July 14 issued its Strategy for Operating in Cyberspace. Given the volume and nature of nefarious cyber activity seen recently, a bold and innovative plan could have been expected. Those hoping for such would have been disappointed, however, at least by the unclassified version of the document made publicly available. With so much at stake, either in the cyber domain or dependent on it, a clear-eyed assessment of the strategy — its strengths, weaknesses and gaps — is in order. Indeed, the future shape of both conflict and warfare likely will include a cyber component.
In the last five years alone, there have been more than six dozen significant cyber incidents, according to a running compilation by the Center for Strategic and International Studies. Targets have included Defense, the State and Commerce departments, and major defense contractors. Classified defense networks have been hacked. The asymmetry is striking: consider unmanned aerial vehicle operations in Iraq breached by insurgents on laptops with cheap file-sharing software. Online crime and fraud have generated millions, if not billions, of dollars in ill-gotten gains. Worse yet, the most sophisticated actors and incidents go undetected, as foreign intelligence services engage in cyber espionage, often combining technical and human intelligence in their exploits. With everything from critical infrastructure to intellectual property potentially at risk, the need for a correspondingly robust yet sophisticated counterposture is clear. So what did the Defense Department deliver?
Read the full story: Defense Cyber Strategy Avoids Tackling the Most Critical Issues