By Mark Rutherford
October 15, 2009
A new RAND Corporation report suggests the U.S. may be better off
playing defense and pursuing diplomatic, economic, and prosecutorial
efforts against cyberattackers, instead of making strategic cyberwarfare
an investment priority.
The study comes as the U.S. military fires up its new unified Cyber
Command (USCYBERCOM) program this month. The new outfit will be
responsible for network-related operations, defense, and attacks and
will operate under the U.S. Strategic Command.
Cyberwarfare is better at bothering an adversary than defeating
it--given that permanent effects are illusive, author Martin C. Libicki
wrote in the report, titled "Cyberdeterrence and Cyberwar."
On offense, cyberwar might be better relegated to support roles, and
then only "sparingly and precisely," according to the report. A one-shot
strike to silence a surface-to-air missile system, allowing aircraft to
penetrate defenses to destroy a nuclear facility, is the example given.
"Attempting a cyberattack in the hopes that success will facilitate a
combat operation may be prudent; betting the operation's success on a
particular set of results may not be," Libicki wrote. One question
planners should ask is whether strategic cyberwar would induce political
compliance comparable to what could be produced by, say, strategic air
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News