"Cyber-" is a big buzzword these days, but I fear it's more sparks than light. I'm concerned that we -- government, media, citizens -- are overreacting to recent hacking and unwisely responding to limited but real threats. And in the process we are risking losing civilian control of this problem.
I don't believe in the "digital Pearl Harbor"
scare. I don't believe truly disruptive digital attacks will occur
unless they are part of a big power conflict -- in which hard power
capabilities can also work to deter or deny.
Meanwhile, I'm concerned that we are overspending on offensive cyber and underspending on defense, resilience, and recovery, perhaps by a 4:1 ratio.
This seems to reflect a macho mentality that prefers offense over effective defense.
I'm also concerned with the militarization of cyber efforts. In fact, what prompted this tirade today is a new Atlantic Council report that
has a kinds of suggestions for DOD to work with civil authorities on a
broad range of cyber efforts. I'm not against cooperation, but the
thrust is we[DOD] know best and we're here to help you [do what we tell
Under current law and presidential directives, Homeland Security is
responsible for domestic cyber defense and DOD for military and
offensive efforts. We should be strengthening DHS, not outsourcing its
work to DOD.
I'm also concerned about the NSA/Cyber Command relationship. They
probably should be separate, if only as a check and balance inside