Defense Science Board Report on Advanced Cyber Threats

Paul Rosenzweig
Thursday, March 7, 2013, 11:41 AM

Published by The Lawfare Institute
in Cooperation With
Brookings

Much of what passes for analysis of cyber threats these days is episodic and anecdotal. I confess, reluctantly, that despite my own best efforts I sometimes fall into that trap. I also confess that sometimes anecdotes are clarifying and symbolic, as with the Mandiant APT-1 report last month. Still, it is always welcome when someone with good analytic capability steps back and takes a deeper, more nuanced dive into the problem of cyber vulnerability.

Readers of this blog who are interested in cyber topics will therefore very much want to read a new report from the Defense Science Board, "Resilient Military Systems and the Advanced Cyber Threat." Most readers will highlight the conclusion that the US "cannot be confident that our critical Information Technology (IT) systems will work under attack from a sophisticated and well-resourced opponent utilizing cyber capabilities in combination with all of their military and intelligence capabilities (a 'full spectrum' adversary)." For those who want a deeper summary, this article in Signal is quite useful. Some of the notable longer-term pieces of interest in the report include recommendations:
  • For enhanced counterintelligence capability to address supply chain vulnerabilities;
  • For a new tiering methodology for ranking cyber threat actors and then employing risk analysis against this tiering structure;
  • For enhanced intelligence collection (most likely HUMINT) against the high-end cyber threat actors; and
  • That USCYBERCOM establish its own FFRDC to model, war game and red team cyber ops concepts.

Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.
