From Jason Healey, the New Atlanticist: The Department of Defense’s new cyber strategy is being released this afternoon and many cyber security professionals who read it may be disappointed that it does not say more. While there is some validity to that concern the strategy does cover important new ground on the most pressing needs such as partnering with the private sector and other nations, improving the workforce, and making a stand on defense. . . .
The five strategic initiatives, or what DoD is calling the Five Pillars, should be no surprise to DoD watchers. This has been a long windup to an underarm throw, as the Pillars are essentially unchanged from what Deputy Secretary of Defense Lynn published last year in Foreign Affairs . . .
However, the Strategy also misses some important points.
- The strategic initiatives" are five solid proposals but do not tackle that the system is “highly complex and tightly coupled”. These problems might need more radical solutions since many cannot be solved piecemeal or serially: they must be solved simultaneously. For example, the Department wants to rapidly prototype and deploy systems, get control of their supply chain, and and have a workforce that is well trained on a known baseline of systems. These are in many ways conflicting goals, especially with the existing bureaucratic processes and the Strategy falls short of squaring that circle.
- The Department will need to move beyond the low-hanging fruit of working with like-minded allies and more fully engage the larger international community. Greg Rattray suggests working with a handful of influential countries in each major region, such as Brazil, Kenya and South Africa, and Japan and South Korea, to more fully engage the world.
- Surprisingly the new Strategy satsuma little about deterrence and declaratory policies, both of which featured heavily in the International Strategy from the White House. The DoD is working hard on these issues but, as they do not fit neatly in the Five Pillars, do not appear in this Strategy.
The Department has had a long history working cyber issues and this Strategy reflects some, but not nearly all, of past or current efforts. Still, it is thought out and will be a good roadmap for the DoD’s future efforts.
Jason Healey is the Director of the Cyber Statecraft Initiative at the Atlantic Council of the United States. You can follow his comments on cyber cooperation, conflict and competition on Twitter, @Jason_Healey.