To the Pentagon for its cyber defense strategy, which falls into the same trap where countless previous cyber policy documents have fallen, describing broad initiatives while avoiding specific solutions.
The Defense Department’s strategy, released July 14, lists among its top initiatives to counter cyberspace threats that it will treat cyberspace as an operational domain; implement new security concepts; partner with other agencies and the private sector; build relationships with international partners; and develop talent to spur innovation.
Such broad brushstrokes not only make the same obvious bullet points of all other national cyber strategies — including that of the White House, which almost immediately lost any momentum — but they fail to pinpoint the tasks that can be priced out, resourced and put into action.
The pace at which cyber attacks is picking up — with more frequent and daring attacks on DoD and defense manufacturer networks — means the time is long past for issuing general road maps. We surely know by now that partnering, building relationships and developing talent are good ideas. What’s urgently needed is a nitty-gritty action list tailored to the problem.
DoD’s new cyber strategy does, for the first time, make clear that the U.S. will consider a military response to a major attack on its civilian and defense computer networks. That’s an important message to send to cyber foes. Now, the Pentagon must work at identifying more cyber defense “how-to’s.”