Video Screencast Help
Inside Symantec Community Blog

DoD’s Cyber Strat – So Far, So Good

Created: 20 Jul 2011 • Updated: 20 Jul 2011 • 1 comment
tiffany_jones's picture
+1 1 Vote
Login to vote

Tiffany Jones, director, Public Sector Programs and Strategy

As one might expect, details are scarce in the declassified version of the DoD’s first-ever cyberspace guidelines (released last Thursday). But from a 30,000 foot perspective, the policy looks sounds.

Consider the five key tenets (or “strategic initiatives”) contained in the directive:

1: Treat cyberspace as a domain for training and equipping defense forces

2: Employ new defense operating concepts

3: Create strong partnerships between agencies and with the private sector

4: Build relationships with foreign allies

5: Leverage U.S. innovation

These are worthy goals, to be sure (in particular, the overarching themes of operational preparedness and information sharing). Even without the details, it’s heartening to see fundamentally sound priorities for a DoD infrastructure that houses—quite possibly—more sensitive information than any entity on the planet.

And yet simply protecting that infrastructure isn’t enough. Security in the cyber domain demands protection of the information itself, not just the network or individual access points. After all, with private-sector contractors inextricably rooted to the DoD chain of operations, and with a figurative explosion of federal workers on new mobile devices, it’s unrealistic to think that even the most advanced, Pentagon-level security channels will do anything other than postpone the inevitable risk.

Hopefully, the details of the DoD’s cyber operations strategy will address these very issues (for instance: the employment of new operating concepts, including active defenses using sensors, software and signatures).

 

Surely, there’s a long and difficult road ahead for the Federal Government in cyberspace in continuing to execute on these tenets and other existing cyber policies/directives. But the DoD’s new policy seems a good, sound framework to continue the forge ahead.

Comments 1 CommentJump to latest comment

asm.ile.3c's picture

There is a skill gap between US students and those of other countries that threatens to have a long-term impact on US national security. Those in education and business began identifying the gap years ago, but it is only recently receiving greater attention from the military. The United States is not producing enough workers skilled in computer science, and in order to help close this gap, the United States must increase the focus on computer science at the elementary school level. 

In 2006, Steve Hamm wrote an article for Bloomberg Businessweek discussing the United States’ decreasing competitiveness in the Association of Computing Machinery’s International Collegiate Programming Contest. In 2006, the winning team was from a Russian university. The situation has not improved over the last five years, either. In fact, Chinese and Russian universities have won ten of the last twelve competitions. A United States university has not won any competition since 1997 – the year that IBM began sponsoring the competition, producing wide global participation. Some US universities have placed in the top five over the past five years, but it still isn’t clear how many international students competed on those teams. This lack of competitiveness is exacerbated by the widely noted decreasing enrollments in US university computer science programs. 

These are important concerns because the battlefields of tomorrow are more and more likely to be in cyberspace. The Department of Defense released its Strategy for Operating in Cyberspace in July 2011. This strategy identifies five strategic initiatives, the first of which recognizes the emergence of these new battlefields by treating cyberspace as an operational domain equal to the naturally occurring domains of land, sea, air, and space. The growing dependence of the US economy, financial sector, government, and Department of Defense on cyberspace means it is critical that we maintain our ability to establish dominance in this domain. 

The remaining four strategic initiatives presented in the strategy suggest ways the United States may be able to establish this dominance, and one of them includes “leverage[ing] the nation’s ingenuity through an exceptional cyber workforce.” Unfortunately, while the strategy identifies the need to attract talent early, it appears to focus on initiatives at the university level and in industry. This assumes the existence of a workforce that may not exist if the seeds for growing it are not planted earlier in our educational system. 

The Association for Computing Machinery and the National Institute of Standards and Technology are pushing for earlier injection of computational thinking in the educational system, but their appeals appear to be falling on deaf ears at the National Research Council (NRC). The NRC’s Framework for K-12 Science Education support’s the National Security Strategy’s directive to “invest in science, technology, engineering, and math [(STEM)] education,” but it fails to include computing and computer science as a core part of that framework. One of the problems with this is that focusing on these four areas in isolation is less effective than integrating them throughout the curriculum. Computer science, however, is one field of study that naturally brings all of these elements together. 

Computer science is the embodiment of the unification of STEM because it is a science that applies both engineering and mathematics to the creation, use, and improvement of technology. Adding computer science as a core part of the K-12 education framework would provide many opportunities for students to see meaningful application of concepts they would learn in other courses. It would also result in students gaining an actual understanding of the concepts underlying the technology that surrounds us in modern life. Without that understanding, we are merely helpless end-users, lacking the ability to fully use, secure, repair, and innovate upon our technology; and it is a myth that the “Digital Generation” has some innate understanding of the inner workings of technology simply by virtue of growing up with it. 

The capabilities of a potential cyber workforce depend upon this deep understanding of technological fundamentals and the ability to apply computer science and creativity to solve cyber-related problems. In order to have a wide selection of people to choose from for these jobs in the future, we must plant the educational seeds now. The US Department of Defense should increase its engagement with organizations that make recommendations on elementary school curricula, such as the National Research Council, in order to better set the conditions for our nation’s future security. 

Major Alexander Mentis is a student at the Command and General Staff College, U.S. Army Combined Arms Center, Fort Leavenworth, Kansas. The views expressed in this blog are those of the author and do not reflect the official policy or position of the Department of the Army, Department of Defense, or the U.S. Government.

+1
Login to vote