What’s new in the U.S. cyber strategy

May 8, 2015

Henry Farrell originally published on 4-24-15

The Department of Defense has just issued a new cyber strategy, which perhaps provides the best public presentation of how the United States thinks about cybersecurity. As always with these documents, what is left out is as important as what is put in. So how has U.S. strategic thinking about cybersecurity changed in the post-Snowden era?

The United States isn’t worried about a ‘cyber Pearl Harbor’ any more

When people started to worry about cybersecurity, many, including then-defense secretary Leon Panetta claimed that the United States was in danger of a ‘Pearl Harbor’ type attack that could devastate the country. There is no ‘Pearl Harbor’ alarmism in the current document. Instead, it suggests that the United States faces the threat of persistent low level attacks that could damage individuals or firms, as well as targeting some industrial systems. The document also singles out efforts to “steal U.S. intellectual property to undercut our technological and military advantage” and specifically identifies China as a major culprit.

Thursday’s revelation that the United States apparently targeted EADS, a major European military contractor, for NSA spying, was especially poorly timed from the United States’s perspective, although the United States can still maintain that it does not spy so as to pass on stolen intellectual property to U.S. firms (and may conceivably have been targeting EADS for purposes that had nothing to do with snooping through its weapons systems).

Read full article