White House Gives Peek at Cybersecurity Strategy

(March 3) -- Amid a growing chorus of concern over the nation's approach to cybersecurity, the White House has revealed a bare-bones outline of its secret plans to protect the nation from a cyberattack. But the 12-point document may do little to quell criticism that the Obama administration has failed to make clear its strategy for dealing with the growing threat of cyberwarfare.

The government's approach to cybersecurity has been criticized as both overly secretive and not aggressive enough given the scope of the threat. The release of an unclassified description of the Comprehensive National Cybersecurity Initiative was promoted as making good on Obama's promise of government transparency, while also providing details about what has so far been treated as a highly classified plan.

In a not altogether surprising admission, the plan does acknowledge that the U.S. government's efforts to address cybersecurity "have not achieved the level of security needed."

But Steven Aftergood of the Federation of American Scientists pointed out that the new disclosure does not actually reveal the presidential directive that lays out the foundation of the initiative. "Instead, the White House released a descriptive summary of 12 component elements of the Cybersecurity Initiative, a gesture that it said was consistent with the president's emphasis on increased transparency," Aftergood wrote on his Secrecy News blog.

"Without a clear delineation of legal authorities and implementation mechanisms, the scope for meaningful public discussion seems limited," Aftergood argued.

In fact, the language contained in the unclassified description is, perhaps by design, vague, though it does spell out at least in broad terms the government's interest in deterring a cyberattack.

"This initiative is aimed at building an approach to cyberdefense strategy that deters interference and attack in cyberspace by improving warning capabilities, articulating roles for private sector and international partners, and developing appropriate responses by both state and nonstate actors," the plan reads.

That language may raise more questions than answers, according to cybersecurity expert Jeff Carr, CEO of GreyLogic Inc. Carr wonders whether -- as the language implies -- the U.S. government wants to enlist "nonstate actors," for example hackers, in cyberwarfare. "If it's true, the Russian and Chinese governments who have at least maintained plausible deniability in their own use of nonstate actors, will get unbelievable mileage out of this announcement, starting with the word 'hypocritical,' " he told AOL News.

Ironically, the administration's secrecy regarding cyberdeterrence has been criticized on some of the same grounds as Cold War-era secrecy on nuclear strategy. "It is difficult to conceive how the United States could promulgate a meaningful deterrence doctrine if every aspect of our capabilities and operational concepts is classified," the Senate Armed Services Committee wrote in its report accompanying the 2009 defense bill.

In other words, deterrence only works if the other side knows what you plan to do -- or as Dr. Strangelove declared in Stanley Kubrick's iconic 1964 film about the Cold War: "The whole point of a doomsday machine is lost if you keep it a secret."