The 2011 US Department of Defense Strategy for Operating in Cyberspace is a 2011 US Department of Defense Strategy for Cyberspace Operations Strategy document that assesses the challenges and opportunities that arise from the increasing importance of information technology for military, intelligence, and business. The full text of the 40-page document is classified, in July 2011 its 19-page release was published for wide access, which describes the strategic context and five “Strategic Initiatives” that describe the Pentagon’s mission in cyberspace [1] .
Content
Strategic Context
The description of the strategic context contains a set of “strategic advantages in cyberspace” [1] , which include operational communication and the possibility of exchanging information and knowledge in the field of information technology , including the conduct of expert reviews in the field of cybersecurity . An additional emphasis is placed on the development of US international cooperation in cyberspace through international cooperation, collective self-defense , and the establishment of international standards governing cyberspace.
Cyberthreats
The paper begins with a discussion of ongoing cyber threats, further encompassing a broader context. It is noted that the wide availability of various hacker programs that can cause disproportionately large damage at a low cost of resources poses a significant threat to US national security. The analysis of external and internal threats, vulnerabilities of supply chains and threats to the operational activities of the Ministry of Defense. In addition, the document mentions that the Ministry of Defense should take “concerted actions by state and non-state organizations to suppress unauthorized access to their computer networks and systems.” [1] The document assesses emerging threats as complex and critical to national and economic security.
Strategic Initiatives
In light of the risks and opportunities arising from the Department of Defense and the US Administration in using cyberspace, the document contains five strategic initiatives, the implementation of which will allow “to act effectively in cyberspace, protect national interests, and ensure national security interests [1] ”.
Strategic Initiative 1
“To use cyberspace as an operational space, to organize its equipment and training of personnel so that the Ministry of Defense can take full advantage of the potential of cyberspace [1] .”
According to the document, this initiative allows the Pentagon "to organize training and equipping of cyberspace in the same way as in the aviation, land and sea parts, in order to protect the interests of national security." Back in 2010, the US Cyber Command was created as a unit of the US Strategic Command to coordinate the cyber command of the army , navy , aviation , coast guard and marine corps . The US Cyber Command is organizationally combined with the National Security Agency (the Commander of the Cyber Command is simultaneously the head of the NSA) [1] .
Strategic Initiative 2
"Apply new security concepts to protect computer networks and systems of the Ministry of Defense [1] ."
This initiative includes the use of best practices in cyber hygiene, including updated software and improved management of computer networks . The Ministry of Defense will take measures to improve staff skills, improve reporting, internal control and information flow management capabilities to reduce the level of internal threats. In addition, steps will be taken to enhance protection to prevent intrusions , and to develop new concepts for protecting networks and computing architectures, including mobile media and secure cloud computing , in order to ensure timely security for rapidly changing devices and applications [1] .
Strategic Initiative 3
“Partnerships with other US government departments and agencies and the private sector for a nationwide cybersecurity strategy.” [1]
Many of the critical functions of the Department of Defense depend on business partners, including Internet service providers and global supply chains , which pose risks that the Department of Defense plans to reduce with the Department of Homeland Security . The joint planning of these two departments will increase the effectiveness of measures in cyberspace, while protecting the privacy of citizens and civil liberties, as well as save budget funds.
Back in 2007, the U.S. Department of Defense launched the Defense Industrial Base Cyber Security and Information Assurance program for the cyber security and information security industry.
The Ministry of Defense also organized a pilot project in the format of public-private partnerships in order to expand the exchange of information aimed at developing solutions to increase cybersecurity [1] .
Strategic Initiative 4
“Build reliable relationships with US allies and other international partners in order to enhance overall cybersecurity” [1] .
Supporting the US International Strategy for Cyberspace, the Department of Defense will seek to establish reliable relationships with foreign partners to develop self-defense measures and collective containment of cyber threats. This includes the development of international norms and principles for action in cyberspace, deterring malicious actors and protecting vital national assets. The measures planned by the ministry involve joint training of specialists, the exchange of best practices and the development of cooperation mechanisms [1] .
Strategic Initiative 5
“To increase the ingenuity of the nation due to the high professionalism of personnel and rapid technological innovation [1] .”
The Department of Defense intends to use the best scientific, academic and economic resources of the United States to form a corps of qualified personnel, both military and civilian, to work in cyberspace and achieve the goals stated in the doctrine. The Ministry of Defense puts forward the following 5 principles for implementing this initiative:
- Speed is a top priority;
- The growth of software product development and testing;
- Delayed customization for speedy gradual improvement;
- Different levels of surveillance based on priority of critical systems;
- Measures to improve the security of hardware and software.
The Ministry of Defense intends to use the capabilities of small and medium-sized businesses , and work with entrepreneurs in the field of innovative technologies . Targeted investments and joint ventures will enable the Ministry of Defense to quickly develop meaningful innovative technologies.
The Ministry of Defense also organized through DARPA the National Cyber Range project, whose goal is the rapid creation of models of computer networks for military purposes, designed for testing and simulation of new technologies [2] .
One of the most important priorities of the doctrine is the training and retention of qualified personnel in the IT field. The Department of Defense will streamline the recruitment of IT professionals by providing a cross-flow between the public and private sectors. Special events will be held in terms of training IT specialists of the National Guard and reservists [1] .
Media Coverage
Publications in the Chinese media regard the doctrine as a tool to strengthen American hegemony . Thus, according to Li Shusheng, a researcher at the PRC Academy of Military Sciences , the doctrine is "a fundamental attempt by the United States to maintain its unprecedented global military superiority" [3] . Lee noted that the strategy “is clearly aimed at sovereign states as targets of cyber attacks” [3] . According to Fan Binsin, president of Peking University of Post and Telecommunications, the United States “focuses on the offensive rather than the defensive side of cyber war,” and, therefore, can “achieve its political and military goals, including intervening in the internal affairs of other countries and the military an invasion by exploiting the technological capabilities of the Internet ” [3] .
The day after the publication of the doctrine, the Voice of Russia published an article mentioning that the Pentagon 's computer network was successfully hacked in March 2011. The author of the article suggested that the Pentagon document could be adopted only in order to receive support for the new cyber defense program [4] . The author also notes that this document has been severely criticized, and concludes that in the light of recent computer attacks on the Pentagon, the American public should be much more loyal to the controversial strategy [5] .
The news resource CRN News.com cited the views of a number of American cybersecurity experts who believe that the published strategy is “too vague, resource-poor and, apparently, will not guarantee an immediate future surge.” In addition, security experts regard the Pentagon’s plans to attract private sector IT professionals as a risk factor for nationwide technological development [6] .
The Australian site CRN News.com Australia has published a release on the strategy of operations in cyberspace, considering cyberspace as the fifth sphere of warfare (after land, water, air and space) [7] .
See also
- Cyber war
- US Cyber Command
Notes
- ↑ 1 2 3 4 5 6 7 8 9 10 11 12 13 14 US Department of Defense, “Strategy for Operating in Cyberspace”, July 2011 “[www.defense.gov/news/d20110714cyber.pdf]” Accessed 09-28- 2011
- ↑ 2015 DARPA Research Program (Review of DARPA FY 2015 Research Programs) . - 2014 .-- 96 s.
- ↑ 1 2 3 China Daily USA, “US cyber strategy dangerous: Chinese experts”, June 2011 “ [1] ” Accessed 11-10-2011
- ↑ Gladkov, Vladimir, “Pentagon claims its vital data was stolen by foreign hackers”, The Voice of Russia, July 16, 2011 “ [2] ” Accessed 11-20-2011
- ↑ Gladkov Vladimir, “Pentagon claims its vital data was stolen by foreign hackers”, The Voice of Russia, July 16, 2011 “ [3] ” Accessed 11-20-2011
- ↑ Hoffman, Stephanie, “Partners wary of DoD Cyber Security Plan”, CRN News.com, 07-21-2011 “ [4] ” Accessed 12-1-2011
- ↑ Moscaritolo, Angela, “US Defense dept releases cyber operation strategy”, CRN News.com.au, 07-18-2011 “ [5] ” Accessed 11-28-2011