The Pentagon rolled out its new cyber-defense strategy Thursday, hyping it with the news that foreign hackers (from an unidentified country) invaded the computers of one of its (unidentified) contractors in March and pilfered 24,000 sensitive documents in one fell swoop.
Cyber-security is a Pentagon growth area, make no mistake about. Lord knows, I’ve contributed to the deluge. But it’s one of those arcane areas where progress is hard to measure. Is the threat as dire as sometimes portrayed? It’s important to realize that the Pentagon doesn’t store real secrets on networks linked to the Internet. Nonetheless, the press can’t resist stories about offensive cyber warfare.
Deputy Defense Secretary William Lynn, who unveiled the new cyber strategy, told an audience at the National Defense University in Washington that “crucial” files — not “secret” or “top secret” — have been stolen in recent years. Much taken was of little value, he said: “But a great deal of it concerns our most sensitive systems, including aircraft avionics, surveillance technologies, satellite communications systems and network security protocols.”
Over breakfast Thursday, Marine General James Cartwright, the vice chairman of the Joint Chiefs, said the Pentagon’s current emphasis on cyber defense needs to change. It’s currently 90% defensive and 10% offensive; he said those numbers need to be swapped. “This strategy talks more about how we are going to defend the networks,” he said. “The next iteration will have to start to talk about here’s a strategy that says to the attacker, ‘If you do this, the price to you is going to go up.'”
Safe bet the price to us is going to go up, too.