Reducing America’s Cyberwar Capabilities to a Maginot Line

Thursday, October 13, 2011

Dan Dieterle

B64e021126c832bb29ec9fa988155eaf

If it’s O.K. to attack me, and I’m not going to do anything other than improve my defenses every time you attack me, it’s very difficult to come up with a deterrent strategy.” – Gen. James E. Cartwright

From 1930-1940 France created a line of defenses that ran along its border with Germany and Italy.

The massive fortification of bunkers, artillery emplacements, tank obstacles and machine gun nests was created to protect France and deter any possible invasion from foreign countries. (Click image to enlarge)

image

It was strong, almost impregnable, and would be very difficult for any nation to attack it without suffering great loss.

When WWII started, Germany simply went around it and defeated France in a very short amount of time.

Defensive strategy is a good thing, but you must also have a capable offensive force. Strong offensive capabilities can deter attacks all together.  A nation will think twice before attacking a country if the target force is strong enough to counter attack and cause significant damage.

The United States has been ravished electronically by infiltrating sources that have pilfered military secrets, financial information and account credentials. According to some, our national infrastructure has also been infiltrated and key systems backdoored. The enemy shows no signs of letting up, but how could these attacks continue so unabated?

Especially when the US is so technologically advanced. Surely the US must have some sort of offensive deterrent.

Rest assured, the US is just as capable, if not more, than any other nation of performing offensive capabilities. But we are hamstrung by legalese and political infighting. According to an article on Federal Computer Week, cybersecurity has become a political partisan issue in congress.

It also appears that military offensive capabilities are on hold for a “legal review of cyber capabilities intended for use in cyberspace operations.” AIR FORCE INSTRUCTION 51-402 is an interesting read and really displays the issues that we are facing. Some points that stick out are:

  • Ensure all weapons being developed, bought, built, modified or otherwise being acquired by the Air Force that are not within a Special Access Program are reviewed for legality under LOAC, domestic law and international law prior to their possible acquisition for use in a conflict or other military operation. This authority may be delegated to the Director, Operations and International Law Directorate (AF/JAO).
  •  3.1.2.1. Whether the weapon or cyber capability is calculated to cause superfluous injury, in violation of Article 23(e) of the Annex to Hague Convention IV; and
  • 3.1.2.2. Whether the weapon or cyber capability is capable of being directed against a specific military objective and, if not, is of a nature to cause an effect on military objectives and civilians or civilian objects without distinction.

These issues need to be ironed out quickly. We cannot rely on defensive capabilities alone. With no threat of retaliation, the offensive electronic onslaught will continue against this nation.

Cross-posted from Cyber Arms

Possibly Related Articles:
10858
Network Access Control
Federal
Military Cyberwar Cyber Security National Security Cyber Offense Cyber Defense
Post Rating I Like this!
Default-avatar
Chris Rich Nice work. Command-and-control units and the people controlling them must be neutralized regardless of where they reside. Cyberthreats should be treated no differently than physical or economic ones though the international legal intricacies to support this still have a long way to go before they can be effectively leveraged.

Chris Rich
Product Manager
NetWrix Corporation
NetWrix is #1 for Change Auditing and Compliance
1318876185
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.