News Analysis: A Marine Corps general's attempt to short-circuit Deputy Defense Secretary William Lynn's cyber-security plans could result in disaster if adopted.
of the things you see frequently here in Washington is infighting among senior
members of the same department in the executive branch. What you don't see very
often is a subordinate in the military chain of command trying his best to
publicly derail a proposal put forth by a superior.
the junior person ends up with a drastically shortened career. Hopefully that
will be the case after Marine Gen. James Cartwright gets his justly deserved
tongue lashing sometime this week.
happened is that Cartwright called a press conference right before William
Lynn, Deputy Secretary of the Department of Defense, released the
Pentagon's cyber-security strategy
. Part of that strategy is the U.S.
Department of Defense's plan for
protecting critical infrastructure
vice chairman of the Joint Chiefs of Staff, said that the strategy was wrong,
and that the U.S. military should be
taking an offensive posture
by making sure there are consequences for those
who attack U.S. interests in cyberspace.
I can understand where the general is coming from, it's not a very effective
way to make your point by sandbagging your own department in advance of a
policy announcement. This will surely have consequences for Cartwright. But
will it end up having consequences for the rogue nations and terrorists who
attack U.S. interests? Probably not.
problem, first of all, is that it's nearly impossible to know exactly where a
cyber-attack is coming from. Sure, you can probably track down the computers
that make up the botnet that's being used to break into your military computers
or your smart grid controllers, but that doesn't tell you anything. Neither
does trying to track down an attack such as the worm that nearly took out a
large number of U.S. Army computers a couple of years ago-a worm that
apparently was delivered on a USB memory stick.
that matter, nobody really has proved for sure where the Stuxnet worm that
crippled Iran's nuclear projects actually came from. While there's a lot of
speculation and one Israeli general claimed credit, you can't attack another
nation on the basis of speculation and unverified claims. Before the U.S.
military can attack another nation or a group of terrorists, or even a cohort
of rogue hackers for that matter, it has to be assured that it's attacking the
right place or the right person.
is why the CIA and other intelligence agencies took months and spent millions
of dollars before the Navy SEALS invaded Osama bin Laden's compound and killed
him. Failing to make absolutely certain that you're attacking the right person
or place has terrible consequences in its own right.