U.S. Must Look to Cold War to Address Cybersecurity

Cybersecurity flag

In a report released Wednesday, the Foundation for Defense of Democracies called for an operating plan for cyber warfare similar to the Single Integrated Operational Plan (SIOP) the United States had during the Cold War.

“Cyber conflict is growing because, thanks to new technologies, opportunities are rapidly expanding,” the report said. “As with other, earlier advances in science and industry–from catapults to gunpowder–technological change nearly always precedes the emergence of foundational theoretical strategy. We must urgently formulate theories and strategies in the face of today’s emerging digital weapons.”

The report explained that SIOP was essentially a blueprint for nuclear war and it included “what targets were to be attacked, by what nuclear forces, and with what delivery systems, but also the routes and timing of the attack and the expected level of target damage.” The report called for a similar plan that addresses “the challenge of deterring, contesting, thwarting, or defending against cyber aggression.”

In preparing for cyber conflict, the report called for “interagency coordination and whole-of-government planning.” The report said the “roles of the Departments of Defense, State, Treasury, Commerce, Homeland Security, and Energy as well as the intelligence community all need to be reconciled and integrated. Cyber-related interagency stovepipes, resource and personnel battles, and ‘conceptual differences’ will likely be difficult to resolve as the inter-service challenges from the early days of SIOP development.”

The report also said that because cyber weapons are so adaptable, defensive and offensive strategies should be “broad to allow flexible responses and the application of a range of evolving cyber weapons.” Unlike the U.S. government during the Cold War, the report says, the current government is not fully aware “what resources it will require to constantly hold at risk a coherent set of cyber targets of major adversaries.”

The report also offers some ideas on decision makers can begin the process of developing a new cyber SIOP, saying “decision makers should pose questions similar to those offered by Gen. Nathan Farragut Twining in 1959 to help identify the key questions and challenges.” The questions used by Gen. Twining included drafting new policies, determining what agency was in charge of reviewing and approving new policies, what should be targeted, and what type of infrastructure is needed to ensure a unified response to threats.

The report acknowledged that while the IT revolution has had a positive impact on people, the economy, and the country, it has also “opened the door to new avenues for espionage and damaging attacks.” It urged leaders in Washington to “thwart, defend against, and possibly deter cyberattacks.” As with most suggestions in the cybersecurity realm, it acknowledged that a SIOP isn’t a silver bullet, “[e]ven if deterrence proves impossible in some areas of cyber conflict, the process of developing a cyber SIOP will help generate a new strategic framework and delineate the key operational and tactical cyber warfighting issues.”

Recent