Why Pentagon cyber strategy is divorced from reality.


Flask Data provides a one-stop cloud subscription for EDC, data management and statistics.

From the recent September/October 2010 issue of Foreign Affairs – William Lyn U.S. Deputy Secretary of Defense writes about defending a new domain.

The  long, eloquently phrased article, demonstrates that the US has fundamental flaws in it’s strategic thinking about fighting terror:

Predicting cyberattacks is also proving difficult, especially since both state and nonstate actors pose threats…..Given these circumstances, deterrence will necessarily be based more on denying any benefit to attackers than on imposing costs through retaliation.

And in summary:

“The principal elements of that strategy are to develop an organizational construct for training, equipping, and commanding cyberdefense forces …to build collective defenses with U.S. allies; and to invest in the rapid development of additional cyberdefense capabilities. The goal of this strategy is to make cyberspace safe…”

It is unfortunate that a politruk has so much influence on US cyber security.

The US and European governments consistently adopt strategic policies that were obsolete  years before they came into office.

Just as the Obama administration is crippled by flawed assumptions about the regional balance of power in the Middle East, Washington still sees security as an exercise in organizational constructs, inter-agency collaboration and better defenses and pats itself on the back for recognizing that there is a new domain of threats….when the Internet was invented 20 years ago.

Lyn’s laundry lists of strategic objectives phrased in politically-correct corporate-speak are the wrong answer for improving cyber-security. When Lynn himself, speaks extensively about the need for speed and flexibility, the answer cannot be more government-funded monolithic, bureaucracies.

The private – public partnership is particularly problematic in my view.    The really smart people in security technologies are at small startups – not at Raytheon and Symantec and all the other big corporates that have enough lobbyist resources to line up and eat pork from the Federal plate.  And – why – if I may challenge some conventional wisdoms – should companies like Symantec be allowed to influence US cyber defenses when they have done an abysmal job protecting civilian networks and digital assets? And – why- should Microsoft be part of the solution when they are part of the problem.

Perhaps the US should start by outlawing Windows and using Ubuntu which is not vulnerable to removable USB device auto run attacks.

Perhaps the US should start getting more humint on the ground instead of gutting the CIA from it’s human assets and relying on satellites and network intercepts.   At the time of 9/11 – the CIA had no human assets in Saudi and since the Clinton administration – investment in people on the ground has gone downhill.   I hear the sign in the CIA station chief office in Riyadh says “Better to do nothing then to do something and look bad”.

Perhaps the US should consider that there are numerous offensive alternatives to retaliation (which indeed is not an effective countermeasure due to the extreme asymmetry of cyber attacks).

Perhaps the US should consider that cyber attackers are not motivated by economic utility functions and therefore utility-function-based defenses are not appropriate.

The security concept proposed by Lynn is  sadly divorced from reality.

Related Posts Plugin for WordPress, Blogger...

Flask Data is a technology company with a strong people focus. We are a diverse group of computer scientists and clinical operations specialists based in Israel, the US and India. We are accomplished at providing our customers with the most effective way to achieve high quality clinical data and assure patient safety. There is no single solution that works for every clinical trial. We work hard to understand your unique situation. We work with your team to develop the best solution to achieve high quality clinical data and assure patient safety the same day you engage with patients.

Flask Data – same data data and safety solutions for clinical trials.

Contact us to learn more

Tell your friends and colleagues about us. Thanks!
Share this

Leave a Reply