http://www.homeland1.com/print.asp?act=print <http://www.homeland1.com/print.asp?act=print&vid=907950> &vid=907950
11/11/2010 Leaving deterrence behind: War-fighting and national cyber-security New study says an offense-defense strategic framework must be adopted to combat cyber threats By Doug Page http://homeland1.com/data/11_11navy.jpg Sailors assigned to U.S. Navy Cyber Defense Operations Command monitor, analyze, detect and respond to unauthorized activity within U.S. Navy information systems and computer networks. (Photo by Mass Communication Specialist 2nd Class Joshua J. Wahl) Related Resource: . <http://www.bepress.com/jhsem/vol7/iss1/22/> Leaving Deterrence Behind: War-Fighting and National Cybersecurity In 2004, the origins of a massive cyber espionage ring were traced back to a team of Chinese government-sponsored researchers in Guangdong Province. The hackers were able to steal information from U.S. military labs, NASA, the World Bank and others. In 2006, the State Department admitted it had become a victim of a cyber attack. The hackers worked their way around the State system, breaking into U.S. embassy computers throughout Asia, eventually penetrating some domestic systems as well. Also in 2006, a computer attack against the Commerce Department's Bureau of Industry and Security network crippled the agency, forcing it to discard hundreds of computers. The attacks were believed to originate on Chinese servers. In 2009, the Obama Administration released its initial effort to address cyber-aggression, which mainly focuses attention on the organizational and bureaucratic decision-making infrastructure necessary to achieve cyber-security, while providing a few general guidelines about goals and means. It does not, however, address the more fundamental question of strategic approach. A recent Journal of Homeland Security and Emergency Management paper suggests that it's time to resolve the core issue of what organizing principle should drive the nation's cyber-security policy. "The past three U.S. administrations have struggled to develop a comprehensive cyber-security policy," said the paper's author, University of Cincinnati political scientist Richard Harknett. He said much of that struggle is the result of the sheer complexity of the problem, but also results from an unwillingness to accept the fundamental strategic context of cyber-security. The paper provides an analysis first of what strategic framework should not guide national cyber-security. Harknett said the strategy of deterrence was and remains fundamental to the nuclear environment and over the past 60 years has become the anchor of strategic thinking in the United States. "But strategy must be tied to the fundamental conditions of a strategic environment and the fundamentals of cyberspace undermine deterrence," he said. "It's unsustainable." Harknett told Homeland1 that the conditions actually require the capability to defend vigorously and continuously and, at times, to engage offensively. "Cyberspace is really a war-fighting environment, not a deterrence environment," he said. "If you have strong defenses and strong retaliatory/offensive capabilities, you might reduce incentives for attack, what I call deterrence residuals, but the construct is being good at defending and attacking, not relying on deterring." The first step to get where we need to be, he said, is to simply acknowledge the reality of cyberspace. "Accepting that deterrence might only work in certain strategic environments and that cyberspace is not one of them is the necessary first step to developing a sustainable and effective national cyber-security strategy," Harknett said. It appears the government is still leaning toward reaction and deterrence as a strategy, however. In October, the departments of Defense and Homeland Security joined forces to achieve military and civilian cyber-security. Deputy Defense Secretary William Lynn said during an Oct. 14 Pentagon Channel interview, "What we're doing in our defense cyber-strategy is developing appropriate responses and defenses" for each type of cyber attack. [Non-text portions of this message have been removed] ------------------------------------ -------------------------- Want to discuss this topic? Head on over to our discussion list, [email protected]. -------------------------- Brooks Isoldi, editor [email protected] http://www.intellnet.org Post message: [email protected] Subscribe: [email protected] Unsubscribe: [email protected] *** FAIR USE NOTICE. This message contains copyrighted material whose use has not been specifically authorized by the copyright owner. OSINT, as a part of The Intelligence Network, is making it available without profit to OSINT YahooGroups members who have expressed a prior interest in receiving the included information in their efforts to advance the understanding of intelligence and law enforcement organizations, their activities, methods, techniques, human rights, civil liberties, social justice and other intelligence related issues, for non-profit research and educational purposes only. We believe that this constitutes a 'fair use' of the copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use this copyrighted material for purposes of your own that go beyond 'fair use,' you must obtain permission from the copyright owner. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtmlYahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/osint/ <*> Your email settings: Individual Email | Traditional <*> To change settings online go to: http://groups.yahoo.com/group/osint/join (Yahoo! ID required) <*> To change settings via email: [email protected] [email protected] <*> To unsubscribe from this group, send an email to: [email protected] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
