“In silent bars, in silent rooms, in silent cars, you hide where you can. And me, I know just where you are, you see, I’m a bomber man” - From Bombers by Gary Numan
This week President Obama released his plans for a “leaner” military. There has been a lot of debate about whether or not this is the right decision; a debate will continue for quite a while. I have my opinions on the matter but since the closest I’ve ever come to serving in the military was on my Sony Playstation, I’ll keep those opinions to myself. However, what seems to get lost in all the rhetoric is that in addition to impacting budgets and troop levels the plan calls for an increase in the military’s cyber capabilities.
According to Information Week, “The annual defense budget passed in December affirms that the Department of Defense may carry out offensive cyber attacks to defend U.S. interests and those of its allies. It also requires the military to take certain defensive cyber measures, including the creation of a new insider threat program.” The Information Week J. Nicholas Hoover article quoted above has additional information regarding cyber defense (and offense) plans including details about attack detection, SIEM effectiveness and insider threats. I find it interesting that these are very similar areas that any corporate CSO would want to address.
For those of us in the security field this should be met with a resounding approval. Go to any major security conference and you’ll see many of our national defense leaders promoted as keynote speakers. Often, they will be the most interesting and inspiring people you’ll hear from all week (though contractually I’m obligated to say that nothing can trump RSA’s very own Art Coviello’s keynotes). It’s great to see these leaders getting the support they need to continue to keep our country (and possibly your country as well if you’re not American) safe.
So let the debate about troop levels and budget cuts rage on, but everyone on both sides of the aisle should be applauding this part of the plan.
On a related note, if you’re interested in reading more about cyber defense and cyber military policy I’d recommend “Cyber War” by former cyber czar Richard Clarke. While the book has received warranted criticism I think it’s a good starting point to learn more about the subject. I’d pay less attention to the attack scenarios Clarke outlines, and focus more on the thought process with respect to defense options and the war gaming commentary.
What do you think? Is there enough emphasis on cyber capabilities? Do you agree with the Obama plan?