Pentagon Prepares for Fighting Cyberwar
The Christian Science Monitor reports:
The Pentagon is rapidly preparing for cyberwar in the face of alarming and growing threats, say senior defense officials, who add that sophisticated attacks have prompted them to take the striking step of investigating the feasibility of expanding NATO’s collective defense tenet to include cyberspace.
But as such planning intensifies, the military is struggling with some basics of warfare – including how to define exactly what, for starters, constitutes an attack, and what level of cyberattack warrants a cyber-reprisal.
“I mean, clearly if you take down significant portions of our economy we would probably consider that an attack,” William Lynn, the deputy secretary of defense, said recently. “But an intrusion stealing data, on the other hand, probably isn’t an attack. And there are [an] enormous number of steps in between those two.”
Today, one of the challenges facing Pentagon strategists is “deciding at what threshold do you consider something an attack,” Mr. Lynn said. “I think the policy community both inside and outside the government is wrestling with that, and I don’t think we’ve wrestled it to the ground yet.”
Equally tricky, defense officials say, is how to pinpoint who is doing the attacking. And this raises further complications that go to the heart of the Pentagon’s mission. “If you don’t know who to attribute an attack to, you can’t retaliate against that attack,” noted Lynn in a recent discussion at the Council on Foreign Relations.
As a result, “You can’t deter through punishment, you can’t deter by retaliating against the attack.” He lamented the complexities that make cyberwar so different from, say, “nuclear missiles, which of course come with a return address.”
How to pinpoint the source of a cyberattack is a subject being discussed by Pentagon officials with their counterparts in Britain, Canada, and Australia, among others, in advance of the upcoming NATO summit in Lisbon in November, at which cyberwarfare is an item on the agenda. Officials from NATO member states are also discussing such fundamental issues as how to share information and exchange related technologies, illustrating that the concept of a collective cyberwarfare defense is still in its infancy.
Lynn is among those working to develop the Pentagon's new cyberstrategy, which is focusing both on how to defend the military's classified networks as well as how to protect the Internet itself.
This upending of some key tenets of military doctrine is prompting the Pentagon to look to some surprising new places for strategic models of cyberdefense, including public health. “A public health model has some interesting applications," Lynn said. "Can we use the kinds of techniques we use to prevent diseases? Could those be applied to the Internet?”
To that end, the Pentagon is now researching means of introducing internal defenses to the Internet so that it acts more like a human organism. When it’s hit with a virus, for example, it might mutate to fend it off. Such strategies are meant to “shift the advantage much more to the defender and away from the attacker,” Lynn said.
Click here to read more.
