cybersecurity defense requires a good offense?

We’ve yet to see this come to a head, but I bet it will be soon. An article I read today contained a few tidbits about cyber warfare:

History teaches us that a purely defensive posture poses significant
risks, Cartwright told the committee. He [Marine Gen. James
Cartwright, commander of the Strategic Command] added that if we apply the
principle of warfare to the cyberdomain, as we do to sea, air and land,
we realize the defense of the nation is better served by capabilities
enabling us to take the fight to our adversaries, when necessary, to
deter actions detrimental to our interests.

Cartwright said U.S. adversaries in cyberspace include other countries,
terrorists and criminals who operate behind what he described as
technical, legal and international screens, and he said that if we are
to take the fight to our adversaries, we will need Congress help finding
solutions to penetrate these screens…

[Lt. Gen. Robert Elder Jr.,
commander of the 8th Air Force and JFCC-Global Strike and Integration] did not detail plans for going on the offensive. But when asked
about it, he said, “We will probably do some of that, by the way.”

We might be going on the offensive? Are we actually at war in a way that we can go on the offensive as if we were on the sea, air, or land? I really wonder if that will be seen as a hostile action or not, or if this is all still just contested territory. I don’t have much thought on this right now, but as the years move forward, this cyber conflict could pose ramifications on the openness and neutrality of our Internet.

One thought on “cybersecurity defense requires a good offense?

  1. a war on cyber-criminals will be no different than the war on terror (or a war on crime, for that matter)…
    in conventional warfare you have a distinct and well defined enemy with finite, quantifiable resources… when dealing with criminals as a whole you have none of that… a war on cyber-criminals is a war that will never end (and there is no instance of a nation having benefited from prolonged conflict)…
    that said, there is merit to the idea of taking actions that remove specific threats from the equation… however, what that really means is using legal tools to go after people doing bad things – that’s called law enforcement… we already do it locally but computer attacks often cross borders and cross-jurisdictional law enforcement is a hard problem that needs to be addressed in order to do this effectively…

Comments are closed.