How ready are we for cyberspace?
With little definition of the man-made terrain of the cyber domain and little known about the policies that govern it, one military officer has some suggestions for starting to defend cyberspace.
The trouble with cyberspace is that little is defined, many Defense Department officials say. There aren’t the maps of physical terrain that are used every day in military operations. As far as official word goes, a year after the establishment of the Cyber Command, policies and doctrine are still being worked out. Little is publicly known about what’s in America’s cyber arsenal — or about the policies that govern it.
What is clear: The DOD approach to cyberspace needs to be much different than traditional operations.
“We can’t dominate cyberspace — the buy-in for bad actors is too low. We should secure cyberspace in a way that makes it impossible for others to dominate,” said Army Col. Jeffery Schilling, chief of current operations at Army Cyber Command. Schilling, June 28 at the IDGA Cyber Warfare and Security Summit in Washington. Schilling stressed that his comments were strictly his own opinion and not representative of DOD.
Schilling said the imminent steps in making cyber defense progress include better definitions for the territory and operations.
“We need to draw a line around cyberspace before the U.S. can exercise governance,” Schilling said, noting that it needs to be determined what exactly to protect. “If you don’t know what’s inside the borders, how can you know what to protect?”
He added that hostile acts and intent — and assigned federal jurisdictions — still need definitions, too.
What’s unique about cyberspace and what makes things more complicated is some of the domain's key attributes: It’s a man-made global commons, and for the most part, it isn’t government owned or operated, Schilling pointed out.
Its borderless existence means there’s no distinction between inside and outside the lines. It’s a virtual environment with no dimensions. Traditional borders have depended on physical geographical boundaries and attributes, of which there are none in cyberspace.
Schilling suggested that cyberspace be treated as sovereign-less space, like the open sea or Antarctica. To address the critical issue of anonymity, he also suggested users and equipment have flags like ships do for identification purposes. This would require international policy and cooperation, he added.
The question is: How much of this is already under way at DOD, and how much of it still remains to even be considered?