http://blogs.forbes.com/seanlawson/2011/08/01/dods-first-cyber-strategy-is-neither-first-nor-a-strategy/ By Sean Lawson Net Assessment Forbes.com August 1, 2011 The Department of Defense has released its long-awaited "Department of Defense Strategy for Operating in Cyberspace" [PDF], as well as a website devoted to selling that strategy. The strategy has faced no shortage of criticism over the last couple weeks, from VCJS Gen. James Cartwright's criticism that it is too defensive and too predictable to Richard Clarke’s criticism that the strategy is not a strategy at all. I agree with the basic arguments of both of these critiques. This piece is the first in a series that I will be posting over the course of the coming week, in which I will provide my own take on the DOD cyberspace strategy. In this series of posts, I will argue that the core problem plaguing the strategy is that the focus on defense is a reflection of more problematic underlying assumptions about the nature of both cyberspace and information. The strategy takes a too narrow, technocratic view of both. It assumes that cyberspace as a "domain" is primarily physical and technological and that information is primarily a commodity that flows through and is stored by the physical infrastructure of cyberspace. Thus, the primary focus of the strategy is the defense or protection of the physical information infrastructure and the commodity that it stores and transmits. Little attention is given to the social or cognitive aspects of cyberspace and information, nor to the opportunities that they provide for contributing to achieving military objectives in other domains and promoting the national interest more generally. I will expand on each of these points in future posts. But in this post I want to begin by calling into question the "firstness" of what Deputy Secretary of Defense William J. Lynn, III called "the Department's first ever Strategy for Operating in Cyberspace" when he introduced it at the National Defense University on 14 July 2011. But in December 2006, the Joint Chiefs of Staff released the National Military Strategy for Cyberspace Operations [PDF] and it is not clear how the new "first" strategy relates to the previous "first" strategy. This confusion is an example of a more general confusion that the GAO has identified in DOD cyberspace policy as a whole. One might be tempted to think that the 2011 strategy is more broadly applicable to DOD than the 2006 strategy. But the 2006 strategy was also meant to be applicable to all DOD components: [...] ___________________________________________________________ Attend Black Hat USA 2011, hosted at Caesars Palace in Las Vegas, Nevada July 30-Aug 4, offering over 60 training sessions and 9 tracks of Briefings from security industry elite. To sign up visit: http://www.blackhat.comReceived on Wed Aug 03 2011 - 02:48:10 PDT
This archive was generated by hypermail 2.2.0 : Wed Aug 03 2011 - 02:46:56 PDT