The Pentagon's Cyberstrategy, One Year Later
For almost all of human history, man has waged war on land and at sea. Air and space emerged as potential battlefields only in the past few generations. Now, the danger of cyberwarfare rivals that of traditional war. The advent of more destructive technologies -- and of their inevitable proliferation among actors willing to use them -- means that the United States must strengthen its critical national networks against ever worse threats.
In "Defending a New Domain" (September/October 2010), I announced that the Pentagon had officially recognized cyberspace as an operational domain and went on to describe the military's cyberstrategy. One year later, U.S. military networks are better defended, the U.S. Cyber Command is fully operational, and we have made progress working with private industry to secure critical infrastructure. Meanwhile, the Obama administration has committed half a billion dollars to develop advanced defensive technologies, including novel approaches to improving network security. But much remains to be done, and the window for doing it is short.
Our assessment is that cyberattacks will be a significant component of future conflicts. Over thirty countries are creating cyber units in their militaries. It is unrealistic to believe that each one will limit its capabilities to defense. Moreover, the centrality of information technology to the U.S. military and society virtually guarantees that future adversaries will target it.
The United States is now in the midst of a strategic shift in the cyberthreat. Until now, intrusions have largely been for the purpose of exploitation: stealing intellectual property from commercial networks or spying on the government. There have also been disruptive cyberattacks, for example on Estonia, in 2007, and Georgia, in 2008. In a development of extraordinary importance, cyber technologies now exist that are capable of destroying critical networks, causing physical damage, or altering the performance of key systems. In the twenty-first century, bits and bytes are as threatening as bullets and bombs.