Cyber Security

A view to the future: US Cyber Strategy

It has been a while since I last posted on my old blog which has now been closed. So here is the start of the new blogs here. Apologies for the delay in getting to this point – I have been active on my mini-projects and during the Easter break I took some well-earned rest over in Madrid. However over the past couple of weeks we have got a somewhat more detailed view of cyber security from the United States and when there would be a case under their doctrine for a response. This is just a brief look at the speech by the Secretary of Defense, Ashton Carter, on the new Department of Defense’s Cyber Strategy, that capture some of the thinking behind their thinking. Though there is some hyperbole behind the media response to this new strategy (Daily Mail (UK)) regarding ‘cyber war’, there are some good articles such as those by the Washington Post. This article shows how much more pragmatic the US is becoming (moving away from Leon Panetta’s ‘cyber Pearl Harbor‘ remarks). I think this is a particularly wise move – as drumming up some form of comparison with Pearl Harbor does no good to anyone.

In the speech by Carter, there is an interesting connection between academia, government, and the Pentagon in WWII and the Cold War. This is detailed below:

“Looking out over the last 75 years, we’ve had a long history of partnership. Sometimes the bonds between the academy, industry, and defense were particularly close…like during World War II, when the Manhattan Project and the MIT Radiation Laboratory and others brought together the brightest minds, and the best of industry cranked out the ships, planes, and tanks – at what are now astonishing to us numbers. And another was during the Cold War, when a cross­section of military, academic, and private­ sector experts paved the way to a future of precision­guided munitions, battle networks, and stealth. At times, we also eyed each other warily – like when Bobby Inman faced off against Martin Hellman and Whit Diffie over public­key encryption and commercialization; or during the controversy over the Clipper ship – chip – Clipper chip, excuse me, in the 1990s; and, more recently, after the actions of Edward Snowden.”
What is interesting in the above quote is the doctrine of the past 15 or so years since 9/11 and the ‘War on Terror’ is mysteriously missing. There have been significant collaborations between industry and government in particular in this period. So it would seem odd for this to be somehow not mentioned? It is well known large segments of academia have been very unhappy with some of the policies of the ‘War on Terror’ and the George Bush State of Union Address 2002 describing the ‘axis of evil’. Therefore there is a deliberate construction, I believe, of a third new major collaboration and challenge for the USA in ‘cyber’ security. This is a repositioning of foreign and domestic policy to one based on broad-based consensus rather than the more divisive politics of Bush.
Carter announces three core elements of the new problem facing the USA in ‘cyber’:

“This is one of the world’s most complex challenges today, which is why the Department of Defense has three missions in the cyber domain. The first is defending our own networks and weapons, because they’re critical to what we do every day…and they’re no good if they’ve been hacked. Second, we help defend the nation against cyberattacks from abroad– especially if they would cause loss of life, property destruction, or significant foreign policy and economic consequences. And our third mission is to provide offensive cyber options that, if directed by the President, can augment our other military systems.”

The first two have been commonplace and widely accepted in US approaches to cyber security. It is the third, to provide offensive cyber options, which is the clearest statement yet that the US is willing to participate in forms of cyber attack (or war, though I still don’t fully see this as a possibility in the current theorisations we have). For those who surround themselves in cyber security – this is not something we did not know before. For example look at the Stuxnet case on the Nantanz enrichment facility in Iran and have a look on Google on the cyber security courses that are accredited by the NSA in US universities that are clearly focused towards the ability to train young people for offensive operations.

By publicly disclosing this policy there is both a foreign and domestic aim. Abroad it is a confirmation of what every state already knew about US cyber operations – and therefore be able to use it as a proxy for potential intervention. Domestically, it is to garner support for the intelligence agencies after Snowden and establish a broad-based consensus around cyber operations from a ‘third’ threat. This requires a redrawing and collecting forgetting of the ‘war on terror’ as somehow not one of the major threats to the US (regardless whether one agrees with this or not).

Leave a Reply