The challenges of cyberspace perme- ate just about everything we do— whether in defense, critical infrastructure such as banking systems or
utilities and any other major commercial enterprise or individual pursuit. The
ability to shape, change and manipulate
data in an unauthorized and undetected
manner can severely undermine confidence in the systems
that depend on that information. Consequently, the ability to secure cyberspace is critical.
Our potential adversaries in cyberspace are practicing a digital form of
maneuver warfare. Their work is
nonstop: Think, collaborate, deceive,
expand, contract, move, elude. Repeat.
They know the value of information—
real or fake—and focus their efforts
on exploiting it. Defeating them will
take a coordinated effort in which all
participants recognize the value of that
Training is key, and not just in terms
of operating in cyberspace. Traditional
military disciplines such as electronic
warfare, radio frequency spectrum
deception, misinformation, disinformation, psychological operations and
others are coming together with cyber
under the rubric of information warfare. This evolution, along with the skills
to operate in the cyber domain, must
become a larger part of military education and training. Students and cyber
operators must understand the full
range of capabilities as well as the liabilities facing the force.
Matching adversaries step for step in
cyberspace requires reliable intelligence.
We are not yet where we need to be in
this area. Intelligence must forewarn
of attacks and enable attribution when
attackers are detected so that retribution
can be focused on the proper target.
The force must develop tools that will
allow proper responses. This includes
ways of correctly attributing cyber
attacks and a method of rapidly disseminating that information. The cyber
force also needs tools that enable a wide
range of effects for offensive actions
and deterrence. Flexible response—
or the threat of an effective pre-emptive attack—is important in cyber
Cyber operators must be able to tailor
their activities. Small, targeted actions
should not produce undesirable effects.
And any strong cyber force must have
an effective command and control
structure that extends down to the level
of execution and beyond. This structure
establishes proper boundaries to help
avoid unintended effects. Unfortunately,
the nation’s leaders have not yet decided
how far down that execution level rests.
Clearly, cyber operations must
include offensive measures against
adversaries. This involves taking actions
to deny the threat at its source, wherever it is. Absent those actions, the
United States and its allies are likely to
continually be attacked. A better course
would be to force any potential attacker
to weigh the price of an attack versus
the value of a target.
Deterrence is no simple matter. Using
cyber offense requires focused high-skills training to develop talents in the
people who employ those capabilities.
BY LT. GEN. ROBER T M. SHEA, USMC (RE T.)
Information Is the New Gold in Cyberspace
These operators must understand the
precision with which they must strike.
They must understand the cyberscape
thoroughly to avoid disruptions that
cause adverse second- or third-order
effects. And national leadership must
have confidence that these skills have
been imbued in cyber operators according to established parameters.
Defending against cyberthreats can
differ for military and civilian vulnerabilities, but when combined, both present a broad national security challenge
that must be addressed. With the critical infrastructure identified, the United
States must find a way to motivate the
private sector to ameliorate its security
problems. This solution likely includes
costly design and technical changes to
the infrastructure to isolate attacks and
mitigate damage—problems that cannot
Risk mitigation strategies are needed
to soften the blow of an attack. When a
known critical threat is detected, perhaps software containing a shutdown
mode could kick in. And government
must establish a methodology for practicing its response to any attack.
Unlike other government or industry issues, the cyberthreat is not compartmentalized between the two sectors. It is a national issue that will
require stronger partnerships among
industry, government and academia,
with oversight that will be more than
just sticking a toe in the water. This
country needs a national strategy with
the proper incentives for the commercial sector to commit to protecting the
national infrastructure. Information is
the new gold, and national bankruptcy
looms if the country fails to secure it.
To share or comment on this article
go to http://url.afcea.org/June17