For one day, at least, you can call off the cyberwar. The Pentagon revealed an unclassified version of its “Strategy for Operating in Cyberspace.” And despite a drumbeat of scare talk and digital sabre-rattling in Washington, the document takes a measured, reasonable approach — focusing on good network hygiene and data-sharing, rather than bombing hackers into submission.
The question is whether this public summary conveys what’s actually in the classified strategy, or reflects the real mood of the Department of Defense.
“DoD would like to be much more aggressive in what it says and how it acts,” says a source familiar with the development of the strategy. “But that tendency to be aggressive has been reined in by the State Department, Treasury, and the White House, and not in an unreasonable way.”
Listen to the talk inside the Washington Beltway — and especially within the Pentagon — and you’d think hackers were about to reach their hands through our computers, and strangle us all in our sleep.
“The United States is fighting a cyber-war today, and we are losing,” retired admiral and former National Security Agency chief Mike McConnell wrote in the Washington Post last year. Defense Secretary Leon Panetta claimed cyber attacks could be the “next Pearl Harbor we confront.” Or perhaps the next Hiroshima. Senator Carl Levin declared that “cyberweapons and cyberattacks potentially can be devastating, approaching weapons of mass destruction in their effects” during an April 2010 (.pdf) hearing.
According to the Wall Street Journal, the Pentagon has come to the conclusion that “computer sabotage… can constitute an act of war.” As one military official tells the paper: “If you shut down our power grid, maybe we will put a missile down one of your smokestacks.”
Yet the Pentagon strategy uses tones of cooperation, not confrontation, in the strategy it released today. “By sharing timely indicators about cyber events, threat signatures of malicious code, and information about emerging actors and threats, allies and international partners can increase collective cyber defense,” the document notes. “Cyberspace is a network of networks that includes thousands of ISPs [Internet Service Providers] across the globe; no single state or organization can maintain effective cyber defenses on its own.”
more at Wired