The new Strategy for Operating in Cyberspace, issued by the US Department of Defense on Thursday, covers a collection of topics that have been discussed for years and leaves a number of important unanswered questions, critics said.
Deputy Secretary of Defense William Lynn unveiled the new strategy during a speech, a transcript of which is available online.
“Our strategy’s overriding emphasis is on denying the benefit of an attack. Rather than rely on the threat of retaliation alone to deter attacks in cyberspace, we aim to change our adversaries’ incentives in a more fundamental way. If an attack will not have its intended effect, those who wish us harm will have less reason to target us through cyberspace in the first place,” Lynn said.
The plan contains a handful of initiatives, including treating cyberspace as a domain like land and sea, introducing new network defences that include sensors, software and signatures to detect and stop malicious code, coordinating with the Department of Homeland Security and the private sector and working with other countries.
“Some of these things have been written about for years,” said Rich Mogull, an analyst at Securosis. “The real challenge is, are they going to actually execute this?”
For example, the document stresses the need to work closely with private companies, to secure those providing key services such as electricity and those that serve government agencies. “It’s one thing to talk about public-private partnerships, that’s in every document going back 15 years,” Mogull said. “But it’s another to actually work out those partnerships.”