The Pentagon on Thursday released its formal cyberspace strategy to ward off cyber attacks. The 19-page document is not nearly as focused on offensive retaliation as previously thought but instead it mostly outlines a strong defensive approach to take on hackers.
“Treating cyberspace as a domain means that the military needs to operate and defend its networks, and to organize, train and equip is forces to perform cyber missions,” Deputy Defense Secretary William Lynn said during a speech that accompanied the announcement at National Defense University in Washington, D.C.
Lynn admitted during the speech that 24,000 government files were stolen from military computers in March. The perpetrator was an unnamed foreign government. Lynn did not outline what types of files were stolen.
The new policies outlined today are designed to stop attacks like the one that occurred in March. The number one way the government intends to stop attacks will be to build strong defenses rather than use scare tactics.
“Just as our military organizes to defend against hostile acts from land, air and sea, we must also be prepared to respond to hostile acts in cyberspace,” Lynn said during the speech.
One of the more interesting tenents of the policies is the intent of the government to plan both public and private networks from attack. Private networks owned by important companies like banks and utility companies would ideally protect themselves but the government will said it will actively work with companies to stop hackers.
The new policy outlines working with private companies this way:
DoD has played a crucial role in building and leveraging the technological prowess of the U.S. private sector through investments in people, research, and technology. DoD will continue to embrace this spirit of entrepreneurship and work in partnership with these communities and institutions to succeed in its future cyberspace activities.
Another important tenet will be specific public-private partnerships to fight against hackers and cyber threats:
Public-private partnerships will necessarily require a balance between regulation and volunteerism, and they will be built on innovation, openness, and trust. In some cases, incentives or other measures will be necessary to promote private sector participation. DoD’s efforts must also extend beyond large corporations to small and medium-sized businesses to ensure participation and leverage innovation.
The only major concern with having the military trying to regulate and defend privately owned networks is that of privacy. If the government has access to an Internet Service Provider’s network, for example, what sort of limitations be set on what data the government is allowed to access?
Obviously there are many more issues to explore on this front, but at the very least, the government indicated today that it is taking cyber attacks more seriously and is thinking of more ways to stop them.