A front-page article on cybersecurity by Ellen Nakashima, published in the March 18, 2012, edition of The Washington Post, is important in several ways.
First, the article discusses the use of cyber as a weapon system, i.e., as a component of our nation’s integrated approach to battlefield operations. The article takes readers through some of the issues, opportunities, and challenges that lie before us as cyber assumes a more prominent role in U.S. military thinking. In doing so, it reflects the fact that information technology remains an area of competitive advantage for our country, both in terms of the technology itself as well as in the creative ways technology can be used to effectively confront threats.
At a more abstract, but perhaps more important, level, however, the article conveys an additional message — that cyber is an instrument of state power. For those new to the cybersecurity domain, the article provides useful food for thought about the potential vulnerabilities of financial systems, battlefield systems, and even embedded systems used in manufacturing. Overall, what we’re seeing is the emergence of national thinking about our cyber interests, the development of policy and doctrine to support those interests, and the elaboration of operational concepts and capabilities that support our policies, and are consistent with doctrine.
And this trend takes us to the third, and most vital, point: that cyber is an issue that unites the private and public sectors across often-shared concerns and interests. Certainly, foreign governments employing cyber for their own purposes, against commercial and public-sector enterprises, do so in the service of policies that span the widest range of targets.
The United States cannot be the only state to view cyber as an instrument of state power. Indeed, the Washington Post article can be read in conjunction with the 2011 report of the National Counterintelligence Executive (NCIX) that describes the economic espionage undertaken by foreign governments to steal intellectual capital from U.S. companies. In other words, commercial organizations are being targeted by foreign governments that are using the information they glean to support their own nations’ economic interests, as well as their own geo-strategic interests. What this means, of course, is that we are not alone in developing a concept of our national interest in cyber, or in developing policy, doctrine, operational concepts, and resources to support those interests.
Taken together, the Washington Post article and the NCIX report tell us that our cybersecurity line of business is more than an “adjunct” to commercial information technology, and more than an “add-on” to our national security strategy. Cyber is becoming a pillar of both. Some see new information technologies as ways of gaining cost and operational efficiencies, while others look to these technologies to enable new value propositions and business models (for industry) and new ways of delivering services to our citizens (for government) and of conducting battlefield operations. We should view cyber in this manner: good cybersecurity can enable new business models; effective use of cyber can represent a new pillar of our national security strategy. That cyber is now “front-page news” tells us how important it has become. This is just the beginning.