Cyber Strategy, Two Takes

Fun fact: more work seems to have gone into this cover image than the document inside.

Fun fact: more work seems to have gone into this cover image than the document inside.

First, here’s the unclassified Official Cyber Strategy of the USA, signed by Defense Secretary Ash Carter. Initial take: the guy really is an empty suit, stuffed with Beltway entitlement, and serving various constituencies, with the national defense of the USA not as prime as it probably ought to be here.

(U) DoD Cyber Strategy 2015, 17Apr15.pdf

Here’s how Carter (and his underlings, more Beltway homesteaders without a real-world accomplishment to their names) define the cyber threat on p. 9 of the document:

From 2013-2015, the Director of National Intelligence named the cyber threat as the number one strategic threat to the United States, placing it ahead of terrorism for the first time since the attacks of September 11, 2001. Potential state and non-state adversaries conduct malicious cyber activities against U.S. interests globally and in a manner intended to test the limits of what the United States and the international community will tolerate. Actors may penetrate U.S. networks and systems for a variety of reasons, such as to steal intellectual property, disrupt an organization’s operations for activist purposes, or to conduct disruptive and destructive attacks to achieve military objectives.

So what’s wrong with this? Here’s one: defining the military cyber threat to include commercial hackers and disruption of non-government “organizations.” No one who’s au courant with the cyber threat thinks that DOD has its own networks under control, so this attempt to subordinate DOD’s cyber defense activities to big and inept corporations like Sony, not incidentally among the owners ofthe donors to Carter’s political sovereigns, turns defense resources to private profit and distracts them from national defense. No, defending Sony is not an American defense interest. Hell, it’s not even a US corporation; why should we give

Oh, we forgot. Sony bought and paid formade substantial donations to the President and the other officeholders to whom Carter really holds his fealty, rather than to the quaint old Constitution to which he swore an insincere oath.

Let’s continue with Carter, and see if he gets any better:

Potential adversaries have invested significantly in cyber as it provides them with a viable, plausibly deniable capability to target the U.S. homeland and damage U.S. interests. Russia and China have developed advanced cyber capabilities and strategies. Russian actors are stealthy in their cyber tradecraft and their intentions are sometimes difficult to discern. China steals intellectual property (IP) from global businesses to benefit Chinese companies and undercut U.S. competitiveness. While Iran and North Korea have less developed cyber capabilities, they have displayed an overt level of hostile intent towards the United States and U.S. interests in cyberspace.

The first sentence is one key to cyber: it’s a plausibly-deniable act of war,  which is why all major powers (Russia, China, and not incidentally the USA) maintain an advanced persistent threat capability. This administration in particular is in love with the concepts of deniable, technical, literally “dehumanized” as in humans-out-of-the-loop and not at risk, technical war. It’s reminiscent of the disastrous Stansfield Turner days at CIA, when Turner played to the agency’s Polyphemos. “Noman has blinded me!” cries the agency at the inevitable “intelligence failure” result, in Turner’s case including the Russian invasion of Afghanistan and the Iranian revolution. Although he seems intent on recreating the bleak Cy Vance/Stan Turner days of his namesake President, this Secretary of Defense is unrelated to Jimmy Carter in anything.

This Air Force pro is a commo guy, not a cyber guy, but they needed him to meet some quota in the document.

This Air Force guy, A1C Nate Hammond, is a commo guy, not a cyber guy, but they needed him to meet some quota in the document.

Well, except in ineptitude. If there is a brotherhood of bozos, maybe with a secret handshake or password/countersign (“Are you a turdle?”), these guys are both life members.

Again, that the Chinese state steals IP is not exactly novel, and the Chinese are not alone; some of our allies do the exact same thing (cough, France, Israel, cough). The US, for that matter, does steal foreign technical data, the difference is, we don’t steal for order for private industry.

It is a defense matter when foreign nations steal defense material from the military or defense contractors. We’re not big on defining things as crimes rather than acts of war or terrorism, but stealing from Sony, for example, or General Electric, is not an act of war, no matter how much money those corporations sluice to Carter’s owners and overseerssuperiors.

In addition to state-based threats, non-state actors like the Islamic State in Iraq and the Levant (ISIL) use cyberspace to recruit fighters and disseminate propaganda and have declared their intent to acquire disruptive and destructive cyber capabilities. Criminal actors pose a considerable threat in cyberspace, particularly to financial institutions, and ideological groups often use hackers to further their political objectives. State and non-state threats often also blend together; patriotic entities often act as cyber surrogates for states, and non-state entities can provide cover for state-based operators. This behavior can make attribution more difficult and increases the chance of miscalculation

Well, it’s nice to see some awareness of ISIL penetrating the thick skulls of the E-Ring, but what they’re calling a cyber threat is simply an information operations (IO) effort that is superior to that of the United States. And as long as we have IO run by giggling PR dollies, and counter ISIL guns and swords with feeble hashtags, we’re #screwed.

Diverse services -- check. Diverse sexes -- check. Diverse races and ethnicities -- check.  Can they fight? Who cares!

Diverse services — check. Diverse sexes — check. Diverse races and ethnicities — check.
Can they fight? Who cares!

You could fisk the whole thing like this. Its full of yes-hope-is-a-method naïveté, like considering the Chinese threat badly punished because we indicted five PLA members for stealing IP. (We’re sure they’re shaking in their shoes. Either that or the new guys have redoubled their efforts because an indictment is the new most-coveted achievement in Chinese cyber — more likely). It’s also full of carefully-staged “college pamphlet” or “annual report” photos of perfectly-diverse cybernauts — selected for just the “right” mix of joint-service uniforms, DOD civilians, and skin-tone diversity. In other words, it’s all full of that which proceeds from the north end of a south-facing male bovine.

Naturally, there’s a new bureaucracy to be built, under a towering buzzword, the National Initiative for Cybersecurity Education, and more SES and political appointee jobs, like the Office of the Principle Cyber Advisor to the SecDef, which will oversee the Cyber Investment and Management Board, which will operate a senior executive forum and coordinate for something called the Deputy’s Management Action Group. It’s all process, with all these Beltway drones memo-ing one another.

Wait. We said, “Two takes”, in the title. What’s the other take on cybersecurity?

Well, here’s the NATO cyber team.

OLYMPUS DIGITAL CAMERA

The whole team.  (Well, actually there are six men, so they can field two of these three-man teams. Feel better?).

That sound you hear is chortling in Chinese.

6 thoughts on “Cyber Strategy, Two Takes

  1. Jim Scrummy

    Oh gee another useless policy report written by a defense contractor (e.g. Booz, Rand, IDA, et.al.) which are all interchangeable beltway shakedown artists (I know, use to work for one) about today’s management consultant buzzword of the week…CYBER! We must Cyber this, Cyber that, and Cyber Cyber. Because if you don’t Cyber, well you don’t get to play with all the money DoD is going to throw at…”CYBER”. I guess transformation and “jointness” are now verboten terms? Where is the Cyber Joint Transformation Command (CJTC)???? In other words, another report that will be collecting dust book shelves and buried on numerous hard drives or should I say “CYBER” drives, throughout the 5-sided puzzle palace and other places.

    1. Hognose Post author

      Where is the Cyber Joint Transformation Command (CJTC)?

      I believe they’re offering a commission to Bruce Jenner for that. Bradley Manning will be CSM when he/she/it gets out of prison.

  2. Wes

    DoD, top-down, has been in the business of producing things they call “plans” for some years now. They recount what has happened, they may (rarely) actually postulate who they think the adversaries and/or weaknesses are. (This is dependent upon the personal confidence of the paper’s contributor that, right or wrong, their OER won’t suffer.) One thing they have difficulty actually doing is to formulate a PLAN. History is not a plan, throwing the bones or glancing at the 8-ball of the analyst in the next cubicle is not a plan. Anyone who’s had to formulate one, when the consequences of sloth on that task may kill them and their team mates, understands that. Not gonna find that characteristic much inside the beltway. (The last one I wrote before I retired actually got me counselled for not being sufficiently risk-averse, which apparently disturbed some gold-plated rice bowls.)

  3. Y.

    >>Again, that the Chinese state steals IP is not exactly novel,<<

    Everyone who can steals IP. The Chinese just had the most opportunity, as they were lagging more than say, Germans, and their ambitions are higher, as befitting the size of their country.

Comments are closed.