cyber hype

"Cyber-" is a big buzzword these days, but I fear it's more sparks than light. I'm concerned that we -- government, media, citizens -- are overreacting to recent hacking and unwisely responding to limited but real threats. And in the process we are risking losing civilian control of this problem.

I don't believe in the "digital Pearl Harbor" scare. I don't believe truly disruptive digital attacks will occur unless they are part of a big power conflict -- in which hard power capabilities can also work to deter or deny.
Meanwhile, I'm concerned that we are overspending on offensive cyber and underspending on defense, resilience, and recovery, perhaps by a 4:1 ratio.

This seems to reflect a macho mentality that prefers offense over effective defense.

I'm also concerned with the militarization of cyber efforts. In fact, what prompted this tirade today is a new Atlantic Council report that has a kinds of suggestions for DOD to work with civil authorities on a broad range of cyber efforts. I'm not against cooperation, but the thrust is we[DOD] know best and we're here to help you [do what we tell you].

Under current law and presidential directives, Homeland Security is responsible for domestic cyber defense and DOD for military and offensive efforts. We should be strengthening DHS, not outsourcing its work to DOD.

I'm also concerned about the NSA/Cyber Command relationship. They probably should be separate, if only as a check and balance inside government.