Strong policy needed to counter cyber aggression
We must not allow our antiquated legislative processes and doctrine creation methods to constrain our offensive, defensive and intelligence collection capabilities in the cyber conflict domain.
In the past year, there has been a flurry of activity focused on the development and implementation of doctrine, policies and procedures directly related to the cyber conflict domain. There is no question the U.S. military is oriented toward doctrine, policies and procedures as is the federal government. If you have any doubt, just look at the number of pieces of proposed legislation around cyber and our critical infrastructure that is being proposed. Consider the amount of time it takes to draft a piece of military doctrine or regulation, send it through the vetting process, get is passed, put in place and finally train those involved on it.
Given our current doctrine and policy-making process and the time required to enact these operational guidelines, it would be next to impossible to keep up with the dynamics of the cyber threat environment. Now compare our process and the doctrine/policy constrained operational environment to that of our adversaries. They are not constrained in this fashion.
The United States is the most technologically connected nation and as such the most at risk when it comes to cyber conflict. Why is it that we try to force fit something new, such as cyber conflict, into mental models that are decades old? We must not allow our antiquated legislative processes and doctrine creation methods to constrain our offensive, defensive and intelligence collection capabilities in the cyber conflict domain. Our inability to adapt to the every changing domain of cyber conflict in near real-time would place us at a distinct disadvantage.