Response to Kevin post 200 word.
Also you can find example belllow that take an example;
- Uitts – Week 2
kevin uitts | 11 hours ago | 737 words We can see from the Department of Defense’s 2015 Cyber Strategy briefing that the DoD considers its role as defending the United State’s homeland from attack, “including attacks that may occur in cyberspace,” and further defines this role as, “…defend DoD networks, systems and information; defend the nation against cyberattacks of significant consequence, and support operational and contingency plans” (DoD 2015, 2-3). Something that is interesting to me with this policy is it describes the role the DoD will take in protecting their own military networks and to some extent the role that Homeland Security will take in protecting government domains but kind of glosses over the military’s role in protecting civilian or private domains. Partnerships with private industry are discussed but the defense role in areas that could be counted as strategic national interests still seems like it needs to be fleshed out. For instance electric utility companies are regulated by the Federal Government; they have set rules about how much they can charge customers since in many places utility companies operate in a sort of regulated monopoly. Not getting gouged for electricity is something that the ordinary citizen expects yet there does not seem to be a clear standard or regulation as to protecting these entities when it comes to cyber security. My point with this is, what does the DoD consider as an attack on the homeland or on a critical national asset where they would get involved? Another example is the Equifax breach Bloomberg reported that roughly 140 million Americans may have had their data compromised (Bloomberg 2017). I think often people overlook economic security as a component of national security and focus instead on things such as acts of physical violence or physical destruction yet Bloomberg reported that the government’s response to the breach was forming committees to examine if Equifax had mislead customers as to the size of the breach (Bloomberg 2017). A very important concern but less focus seemed to be on whether this constituted an attack and if so what is the response? The military’s role in defense and offense seems rather limited outside the scope of normal military type conflicts.
For offense the DoD states that cyber warfare is another tool that combatant commanders can use in conducting operations. The report states that if directed by the President or Secretary of Defense the military may conduct offensive operations against an, “…an adversary’s military related networks or infrastructure…” (DoD 2015, 5). This seems to make sense when cyber warfare is considered as another element to be used with conventional military strategy. Some of the issues seem to be what constitutes a proportional response, in what case is a defensive strike or a preemptive strike appropriate, and can attribution be clearly delineated. Demchak discusses NATO members hesitancy in to attaching cyber attacks to the mutual defense agreement because attribution is a difficult task (Demchak 2011, 199). He also discusses any kind of cyber operation or “hack-back” in response to a cyber attack faces extreme difficulties in accurately targeting a reciprocal attack and determining the proportionality of the attack (Demchak 2011, 203).
Cyber warfare, including defense, to me seems like some difficult questions need to be answered and regulated to better control operations or achieve specific objectives. What constitutes an attack and what extent of damage must happen before a reciprocal attack by the defender takes place, what are the nations critical assets and how do we ensure that they are adequately protected without limiting capitalism and a person’s civil liberties. If you look at a wide angle approach to American cyber security I think that it will take almost all the Federal agencies working together to build an adequate level of defense, not just the Defense Department that has the authority to carry out offensive operations yet no authority (or means really) to determine if AT&T or my local utility company is properly equipped to handle or defend against a cyber attack.
Demchak, Chris C. Studies in Security and International Affairs : Wars of Disruption and Resilience: Cybered Conflict, Power, and National Security. Athens, GA; The University of Georgia Press, 2011.
Dexheimer, Elizabeth; Strohm, Chris, and McLaughlin, David. “One Thing Government Agrees on” Equifax Deserves a Grilling.” Bloomberg, September 8, 2017. Accessed August 16, 2018 at: https://www.bloomberg.com/news/articles/2017-09-08/one-thing-all-of-government-agrees-on-equifax-deserves-grilling.
U.S. Government. Department of Defense (DoD).The DoD Cyber Strategy. Washington, DC: Government Printing Press, 2015. Accessed at: http://www.defense.gov/Portals/1/features/2015/0415_cyber-strategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdf. (Pgs. 1-42).
- Re: Uitts – Week 2
Rodney Piercy | 6 hours ago | 330 wordsKevin,
You have brought up some interesting ideas and questions in your forum this week. DoD is much better and more free to state specifically how they will deal with their own networks. When you start talking the military’s involvement in private sector networks things become more complicated. You have to separate the pieces of the government and what each is allowed to do or not do under the law. Using your example there are some parts of the government can regulate specific things such as cost to avoid price gouging that is not the military. Although the military is tasked to protect critical infrastructure they must have the partnership of the private sector since they have no authority over the companies that own the infrastructure. The Cyber Strategy is a high level document and those types of documents do not usually give much detail in how a specific task is carried out. Each area of private industry is going to be dealt with differently so the document is a little generic in that area.
As you stated attribution for cyber-attacks is very difficult for many reasons. Adding to the difficulty is that many times laws have not kept up with the cyber world. The United States is required to abide by the rules that are set forth from NATO and the United Nations which defines when countries can retaliate against another country for an attack. Unfortunately many times these rules do not clearly spell out how a cyber-attack falls into this category. A cyber-attack may fall under the current laws of war and if it meets the requirements the military has the right to retaliate (DoD 2015). You are absolutely correct that there are still questions that need to be answered in regards to cyberwarfare and the roles that different agencies play.
Great job on your post this week.
RodneyDoD. Department of Defense Law of War Manual. Washington, D.C.: Department of Defense, 2015.