The DoD Strategy for Operating in Cyberspace
I just got around to reading the US government's "Department of Defense Strategy for Operting in Cyberspace" (PDF). According to the DoD, this document is "the first DoD unified strategy for cyberspace and officially encapsulates a new way forward for DoD’s military, intelligence and business operations."
My first reaction was that I really hate the term "cyberspace." After I read the document, I didn't end up with an overall positive feeling about the DoD's plans for use of the Internet. And I still hated the term "cyberspace."
In any event, the DSOC describes the DoD's five strategic initiaves. These are
- Treat cyberspace as an operational domain to organize, train, and equip so that DoD can take full advantage of cyberspace’s potential
- Employ new defense operating concepts to protect DoD networks and systems
- Partner with other U.S. government departments and agencies and the private sector to enable a whole-of-government cybersecurity strategy
- Build robust relationships with U.S. allies and international partners to strengthen collective cybersecurity
- Leverage the nation’s ingenuity through an exceptional cyber workforce and rapid technological innovation
While these goals may sound reasonable, I seriously doubt whether the DoD can make any significant progress toward them. The DoD is one of the largest bureaucracies in the world. They're not known for being particularly efficient or agile, but those very characteristics will be needed to meet the goals of the DSOC.
I expect to see lots of money spent on the DSOC. I don't actually expect to see that money wasted, although I expect to see very different benefits than the DoD expects.
In particular, the US government and the DoD in particular have always been very good places to get training. And if the DoD is going to spend lots of money on the DSOC, it will probably spend lots of it on training and education. Because of this, I'd expect to see lots of skilled people around in a few years that are the direct result of the DSOC. Lots of them probably won't end up working for the DoD in the long run. Instead, lots of them will end up working in the private sector part of the information security industry, and that will end up being a significant benefit to the industry in the long run.
So even though I don't think that the DSOC will even come close to attaining its stated goals, I'd guess that it will actually have a significant positive affect on the information security industry. Whether or not that's a particularly efficient use of the money or not is, of course, an entirely different story.