Pentagon Fails to Deliver Cyber War Policy Brief

Friday, July 22, 2011



The bi-partisan leaders of the Senate Armed Services Committee have sent a letter to to Defense Secretary Leon Panetta inquiring about a briefing report on cyberspace operational protocol that was mandated by law to be delivered to Congress no later than March 1, 2011.

Congress is demanding that the Pentagon describe in detail the rules of engagement for cyber operations, as well as what exactly may be construed as an act of war where cyber offenses are concerned.

"The continued failure to address and define the policies and legal authorities necessary for the Pentagon to operate in the cyberspace domain remains a significant gap in our national security that must be addressed," wrote Senators Carl Levin and John McCain in a letter to Defense Secretary Panetta.

The Pentagon is evaluating the request for additional information and has yet to reply to the Senate Armed Services Committee leadership.

"We are aware of the letter and are reviewing for comment back to the Senate," said Defense Department spokesman Lt. Col. April Cunningham.

Last week, the Department of Defense released a document that provides an outline for military-based cyber operations titled Strategy for Operating in Cyberspace that contains five specific strategic initiatives:

  • Strategic Initiative 1: Treat cyberspace as an operational domain to organize, train, and equip so that DoD can take full advantage of cyberspace’s potential.
  • Strategic Initiative 2: Employ new defense operating concepts to protect DoD networks and systems.
  • Strategic Initiative 3: Partner with other U.S. government departments and agencies and the private sector to enable a whole-of-government cybersecurity strategy.
  • Strategic Initiative 4: Build robust relationships with U.S. allies and international partners to strengthen collective cybersecurity.
  • Strategic Initiative 5: Leverage the nation’s ingenuity through an exceptional cyber workforce and rapid technological innovation.

"The security and effective operation of U.S. critical infrastructure – including energy, banking and finance, transportation, communication, and the Defense Industrial Base – rely on cyberspace, industrial control systems, and information technology that may be vulnerable to disruption or exploitation," the report states.

"Potential U.S. adversaries may seek to exploit, disrupt, deny, and degrade the networks and systems that DoD depends on for its operations. DoD is particularly concerned with three areas of potential adversarial activity: theft or exploitation of data; disruption or denial of access or service that affects the availability of networks, information, or network-enabled resources; and destructive action including corruption, manipulation, or direct activity that threatens to destroy or degrade networks or connected systems," warns the Pentagon report.

The Senate Armed Services Committee leaders expressed concern that the Strategy for Operating in Cyberspace report lacks the specifics needed for Congress to evaluate operational policies where such matters as cyber attacks, cyber espionage, and the protection of critical infrastructure, corporate intellectual property, and sensitive government information are concerned.

Though the report has been tardy for months, revelations last week that the Department of Defense suffered one of the largest ever data loss events and that a classified US military weapons system will need to be redesigned after specs and plans for the system were stolen in a defense contractor breach earlier this year have heightened Congressional concerns.

"Far from militarizing cyberspace, our strategy of securing networks to deny the benefit of an attack will help dissuade military actors from using cyberspace for hostile purposes," Deputy Defense Secretary William Lynn said in a speech at the National Defense University at Fort McNair.


Possibly Related Articles:
DoD Headlines report Pentagon Congress National Security Protocols Cyber Warfare Rules of Engagement Strategy for Operating in Cyberspace
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.