DoD Releases Strategy for Operating in Cyberspace

Friday, July 15, 2011

Headlines

69dafe8b58066478aea48f3d0f384820

The Department of Defense has released a document that provides an outline for military-based cyber operations titled Strategy for Operating in Cyberspace (pdf) that contains five specific strategic initiatives.

A summary of the document is as follows:

"The security and effective operation of U.S. critical infrastructure – including energy, banking and finance, transportation, communication, and the Defense Industrial Base – rely on cyberspace, industrial control systems, and information technology that may be vulnerable to disruption or exploitation."

"In developing its strategy for operating in cyberspace, DoD is focused on a number of central aspects of the cyber threat; these include external threat actors, insider threats, supply chain vulnerabilities, and threats to DoD‘s operational ability. DoD must address vulnerabilities and the concerted efforts of both state and non-state actors to gain unauthorized access to its networks and systems."

"Potential U.S. adversaries may seek to exploit, disrupt, deny, and degrade the networks and systems that DoD depends on for its operations. DoD is particularly concerned with three areas of potential adversarial activity: theft or exploitation of data; disruption or denial of access or service that affects the availability of networks, information, or network-enabled resources; and destructive action including corruption, manipulation, or direct activity that threatens to destroy or degrade networks or connected systems."

"Cyber threats to U.S. national security go well beyond military targets and affect all aspects of society. Hackers and foreign governments are increasingly able to launch sophisticated intrusions into the networks and systems that control critical civilian infrastructure. Given the integrated nature of cyberspace, computer-induced failures of power grids, transportation networks, or financial systems could cause massive physical damage and economic disruption. DoD operations—both at home and abroad—are dependent on this critical infrastructure."

"While the threat to intellectual property is often less visible than the threat to critical infrastructure, it may be the most pervasive cyber threat today. Every year, an amount of intellectual property larger than that contained in the Library of Congress is stolen from networks maintained by U.S. businesses, universities, and government departments and agencies. As military strength ultimately depends on economic vitality, sustained intellectual property losses erode both U.S. military effectiveness and national competitiveness in the global economy."

  • Strategic Initiative 1: Treat cyberspace as an operational domain to organize, train, and equip so that DoD can take full advantage of cyberspace’s potential.
  • Strategic Initiative 2: Employ new defense operating concepts to protect DoD networks and systems.
  • Strategic Initiative 3: Partner with other U.S. government departments and agencies and the private sector to enable a whole-of-government cybersecurity strategy.
  • Strategic Initiative 4: Build robust relationships with U.S. allies and international partners to strengthen collective cybersecurity.
  • Strategic Initiative 5: Leverage the nation’s ingenuity through an exceptional cyber workforce and rapid technological innovation.
Source:  http://www.defense.gov/news/d20110714cyber.pdf
Possibly Related Articles:
6513
Network->General
SCADA Security Strategy Government Military DoD Intellectual Property Headlines Infrastructure Pentagon National Security Cyber Warfare Cyber Defense
Post Rating I Like this!
A762974cfbb0a2faea96f364d653cbc6
Michael Menefee Looks like more high-level, un-actionable, US Gov Bullfrak to me...
1310761530
Ec9b0ab31140696dd578b354b1054635
Vulcan Mindm3ld I am not impressed.
1310764533
A762974cfbb0a2faea96f364d653cbc6
Michael Menefee @Vulcan, especially not with the Pentagon, CIA and other agencies recently infiltrated by children (or, as the pentagon claims "by another country")...what happened to data classification and RBAC controls that used to be in place? no wonder the dbags running as Cyber Czar and CIO resigned in the past few years...maybe they were already aware of some breaches?...hope Harvard's ready for both of them
1310765158
Ec9b0ab31140696dd578b354b1054635
Vulcan Mindm3ld haha! Excellent point about those resignations. I would suspect there were many reasons they resigned but my cynical nature leads me to believe the overwhelming bureaucracy and general stubbornness of some groups to change fueled their blast off.

Perhaps,they felt as if they were just hitting a brick wall too much. They did do a lot of stuff but in my opinion it was mainly just media-worthy change -- like $99 paint job on a hoopty.

Too often I hear: It's too risky to change NOW so, we need to MUCH more planning (by then, the landscape has changed). Or it is TOO expensive to implement that stuff right NOW.

These are just my opinions formed from my tiny, pinhole view into the bigger problem.
1310766514
A762974cfbb0a2faea96f364d653cbc6
Michael Menefee @vulcan...maybe they just need a bigger pinch on the neck from Mr Spock :)
1310774833
Ec9b0ab31140696dd578b354b1054635
Vulcan Mindm3ld hahaha! Nope.. they're already asleep!
1310775056
Ba829a6cb97f554ffb0272cd3d6c18a7
Kevin McAleavey Perhaps if they stopped passing the sweet and sour shrimp and walked down the hall and talked to a few geeks?

Nah.

Defenestration is *not* an option.
1310775807
A762974cfbb0a2faea96f364d653cbc6
Michael Menefee something else that's always struck me as odd about the whole US "Cyber Defense" capabilities....almost everyone capable of actually contributing to it cannot get the clearance necessary to do so....also--they dont want to...who the hell runs the "cyber" defense initiatives for this country anyways? I'd like to hear from them here...give us some damn clue as to why the CIA's websites were defaced, why the Pentagon documents were leaked, and why almost NONE of the douchesec(lulz) anonholes have been arrested...seriously..how hard can it be for the most powerful country in the world to make frak happen?

1310776862
Ba829a6cb97f554ffb0272cd3d6c18a7
Kevin McAleavey Looks like Joe Black really IS in charge of all that.
1310776959
A762974cfbb0a2faea96f364d653cbc6
Michael Menefee Kevin, he might as well be...

and dont get me wrong--i think there are MANY qualified infosec professionals (a lot of them post on this site) have solutions to help...

ever try getting on a GSA schedule? it's rigged to ensure that the unqualified get preference based on race, sex and disability--not experience or expertise...that has to change if the US Gov wants to get a real handle on security

Here's a message to the next President of the United States---embrace the private sector, do your due diligence, change your policy on security clearance, etc...what is working now, aint working
1310777408
Ba829a6cb97f554ffb0272cd3d6c18a7
Kevin McAleavey Agreed! Throughout the 90's, our previous company was on GSA and we had a lot of customers in government. When a new administration rolled around in 2001, we were off it and were never able to get back on even under the current administration.

When we tried to talk to our congressfish here in Albany, we were referred to the small animal administration and still nothing. And we ARE an MWBE. Ah well ... Uncle Sammy's got the situation well in hand. No need for us.
1310777941
Ec9b0ab31140696dd578b354b1054635
Vulcan Mindm3ld Another concern of mine is the government being taken advantage of again in their pursuit of initiative #5 ("...rapid technological innovation.")

In the past, we've seen millions of dollars being wasted in attempt to gain a technological upper-hand too quickly but from less-than scrupulous people. Leaders were wooed by demoware.

Integrity has ALWAYS been critical but it is more important than EVER to identify those who are do not have it. I am so glad people such as Infosec Island and Attrition.org are shining some light on these charlatans.

1310916547
Ba829a6cb97f554ffb0272cd3d6c18a7
Kevin McAleavey Well ... now that the defense contractors are lining up at the trough, I'm sure they'll come up with an antivirus that works toute suite. :)

Alabama: The next internet bubble.
1310934103
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.