While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
There are more than 10,000 words in the "International Strategy for Cyberspace." Not one of them is "militarize." Yet that's the word that was heard round the world when the White House released the document in May.
The strategy lays out the values worth preserving on the Internet, the norms for responsible cyberbehavior and the steps the United States, along with its allies, will take to protect it. "It's what George H.W. Bush would have called 'the vision thing,' " says James Andrew Lewis, director and senior fellow at the Center for Strategic and International Studies.
Yet many focused on one section — one paragraph, in particular — toward the middle of the document. In essence, it states that the United States reserves the right to use military force to respond to hostile acts in cyberspace.
It's about defense, says Martin Libicki, senior management scientist at Rand and author of the 2007 book Conquest in Cyberspace: National Security and Information Warfare, but if it ever came to that, the military could shift into offensive operations. "Or we might choose to ignore it," he adds. "Let's say North Korea turned out the lights in the United States. Would we want to start a second Korean war over it? Think of it as a placeholder."
But other countries did not regard it as a placeholder, he explains. "They look at the document as an indication that we fully intend to militarize cyberspace."
So in July, Deputy Defense Secretary William J. Lynn, III confronted the issue while speaking at the National Defense University about the long-awaited "Department of Defense Strategy for Operating in Cyberspace."
The strategy, issued in July, focuses on improving the security of the Internet and the nation's critical infrastructure to deter would-be attackers. "Far from 'militarizing' cyberspace, our strategy of securing networks to deny the benefit of an attack will help dissuade military actors from using cyberspace for hostile purposes," Lynn said while introducing the strategy.
Much of it is not new. Lynn has been discussing the essential elements of the strategy since last fall. "However, the release of the strategy is an important milestone for the Defense Department," explains Lt. Col. April Cunningham, a DOD spokeswoman. "It is the first unified strategy for DOD's cyberspace operations. Â It recognizes the opportunities and challenges that cyberspace presents and the need for DOD to organize, train, and equip for them."
The strategy outlines five strategic initiatives:
"Our information technology infrastructure will not change overnight," Cunningham says. "But over the course of a generation, we have a real opportunity to engineer our way out of some of the most problematic vulnerabilities of today's technology."