John Robb on Cyberinfrastructure Defense

John Robb:

"Platform Defense: The US intelligence/defense establishment needs to rethink how they approach this threat. First, they should focus only on those networks that represent critical infrastructure and defense/political functions (only the most important). Trying to defend all networks, including those run by corporations, from a threat this broad is futile and overly expensive. If the set of networks involved is small enough ("a platform" that defines the core network functions of the US), it may be possible to draw a line in the sand around them. Crossing that boundary would result in a massive effort to find the culprits.

Asymmetry and Rapid Reserves/Militias: Offensive cyber warfare is an asymmetric threat. It's impossible to build an offensive institutional capability in this realm. If it is needed during a time of extreme danger, it can be quickly outsourced to individuals and corporations with the requisite capability (we likely have more and better capability to conduct cyber warfare in the US than anywhere in the world if needed) with nearly zero ramp-up time. Since the opposition is using individuals and small groups to conduct offensive operations, every effort should be made to identify the hubs (people) of these networks to defuse, interdict, and counter-attack when necessary (piercing the cyber veil and getting to the actual person involved).

Decentralization: The only long term defense against cyber warfare and offensive cyber criminality (and the threat and disruption will only grow with time as more systems are integrated), is to move towards resilient communities. At that point, cyber attacks will be little more than an annoyance." (http://globalguerrillas.typepad.com/globalguerrillas/2009/04/cyber-threats-to-infrastructure.html)