Excellent Reuters article on Aviation Week titled “Pentagon Tries to Lean Forward in Cyberdefense“. According to the article Deputy Defense Secretary Lynn recently stated the US must move from a passive minded cyber strategy to an active strategy. Also, recent data breaches of defense contractors have caused the military to redesign one of its new weapon systems:
Aviation Week also reported that Lynn said one U.S. weapon system under development may have to undergo redesign following a cyber breach in March. He did not identify the system. More than 24,000 files containing an unspecified but large amount of data were copied from a defense contractor’s internal databases, according to Lynn. Whether and how much redesign will be necessary is still being studied.
It would seem that cyber theft and cyber espionage is a much greater threat to our country at this time than a full blown “Cyber War”. It is easier and far cheaper for nation states to just steal our technologies through data breaches then to spend the money to develop them.
The article compares the current defense tactics used by the military to the Maginot Line of WWII. Our nation is spending time, effort and energy to try to build better defenses. But as Germany showed, it is easier and costs much less resources to bypass these defenses.
But there is hope. According to Marine Corps General James Cartwright, cyber defense in the DoD realm needs to shift from defensive to offensive:
How do you build something that convinces a hacker that doing this is going to be costing them and if he’s going to do it, he better be willing to pay the price and the price is going to escalate, rather than his price stays the same and ours escalates.
Though it will be very difficult itself to create a system that detects, and correctly identifies an attacker. The question still remains, what level of response will be acceptable when an attacker is successfully identified?