The U.S. military says it’s using a nuclear doctrine from the Cold War to prevent the next Sony Pictures Entertainment-style hack.
U.S. Defense Secretary Ash Carter trotted out the Pentagon’s new Cyber Strategy in Silicon Valley last month. It replaces the previous strategy rolled out four years ago. The new strategy contains three very new and very surprising components, which will directly affect every company in the U.S.—doubly so for technology-oriented companies.
Here’s what you need to know.
1. The U.S. military says it will protect your company.
In the past, the Pentagon’s cyber strategy was all about protecting the U.S. military from attack, as well as government agencies. Now Carter explicitly said that the department will also protect American “interests,” which includes U.S.-based corporations.
The November attack on Sony Pictures Entertainment, which the government blames on the North Korean government, appears to have greatly influenced this policy shift to protect U.S. businesses.
2. The new policy is deterrence through hack-attack retaliation.
Instead of playing defense, which was the old strategy, the Pentagon says it intends to develop tools that enable it to “disrupt” the attackers’ networks, among other things. The paper singles out Russia, China, Iran and North Korea as major state-sponsored cyber-threats.
Specifically, the military sees Russian government hackers as very good at covering their tracks, but it isn’t really sure what they’re after. Both Iran and North Korea are less skillful at hacking, but are super hostile toward U.S. interests. And, of course, China is great at hacking and it uses its skills mainly to steal everything and anything it can.
The idea is that if foreign national governments know they’ll be attacked if caught, they’ll be less likely to engage in the espionage—corporate, industrial and military—that’s now becoming somewhat routine.
This mirrors America’s strategy during the Cold War. In fact, the era was called “the Cold War” because it was considered an ongoing war in which active hostilities were avoided because they could lead to nuclear annihilation. In effect, the “war” was conducted through proxies, economic isolation, sanctions and other means that avoided direct military engagement between the United States and the Soviet Union.
The new cyber-strategy essentially escalates U.S. tensions with Russia, China, Iran and North Korea from non-war to Cold War, where U.S. policy is to engage the enemy with hostility hopefully without triggering a real war.
It’s also similar organizationally to the War on Terror, where non-military organizations within the government are granted permission to conduct ongoing offensive operations against America’s perceived enemies. For example, the Central Intelligence Agency has since 9/11 been conducting drone strikes, assassinations and other wartime operations not only without war but without the Pentagon.
In this case, the Cyber Mission Force is actually part of the Pentagon. But instead of simply supporting military operations, the group can now conduct operations on its own, including offensive operations, similar to what the CIA now does, but over the Internet.
New U.S. Cyber-Defense Strategy a Two-Edged Sword
3. The Pentagon wants to enlist private companies into the cause.
Interestingly, though not surprisingly, a big part of the new strategy is to help the “private sector” do a better job securing its own company networks.
Carter also proposed “private-sector exchange programs” to attract security talent into the military and to increase security research. The Pentagon plans to open a new office at Silicon Valley’s Moffett Field (managed by Google as part of a 60-year lease deal with NASA), which will not only enable the military to be closer to commercial technology, but also function as a venture arm to direct money to startups creating technology of use to the cyber-security effort.
The military will use a venture capital firm called In-Q-Tel, which was set up by U.S. intelligence agencies 16 years ago to support new cyber-technology development.
It’s clear that this new office will serve as a headquarters where the Pentagon will try to build bridges to the major Silicon Valley companies.
In the wake of the Edward Snowden revelations, mistrust is at an all-time high between the government and the nation’s high-tech community. The government in general and the Pentagon in particular see this mistrust as part of the threat to national security. Part of the new mission seems to be to rebuild trust and foster cooperation.
The most interesting goal of the new office, however, is that the military hopes Silicon Valley’s culture of turning failure into an advantage will rub off on Pentagon technologists. While government projects in general are focused on avoiding failure, Silicon Valley succeeds by accepting failure as part of the learning process. The goal is to fail as fast as you can so you can learn and move forward.
There’s good news and bad news for IT professionals and anyone else who works in the private-sector technology community.
The good news is that the Pentagon plans to do something about the ongoing state-sponsored hack attacks that just keep getting worse. Moreover, the government’s deep pockets will step up investment in security-related technology that will probably benefit companies and enterprises.
The bad news is that state-sponsored cyber-war is here to stay. The nature of hacking-related hostilities is such that government hackers can usually cover their tracks and will never run out of targets.
If they can’t hit the military, they hit the government. If they can’t hit the government, they go after the economy by attacking and making demands of private companies by spreading malware, stealing trade secrets and forcing them to spend huge amounts of money in a mostly futile effort to block the attacks.
There’s simply no alternative but to invest in strong security and button up your company’s policies.
Welcome to the new Cold War. Let’s just hope it stays cold.