Sasse Project Seeks to Establish Cyber Doctrine – By Jenna Lifhits (weeklystandard.com) / June 1 2018
“Hybrid warfare is already here and America is not ready,” says Nebraska senator.
In the wake of Russia’s 2016 election interference, lawmakers have ramped up their calls for a comprehensive cyber strategy and grown aggravated by the wait. A pending provision in this year’s defense policy bill could successfully produce a broader strategic cyber doctrine—by drawing a Cold War parallel.
Approved by the Senate’s Armed Services Committee last week, the amendment by Nebraska senator Ben Sasse would set up a “Cyberspace Solarium Commission,” bringing together 13 top experts, including administration officials and select members of the private sector, for a debate that would ultimately produce an U.S. cyber framework.
“Hybrid warfare is already here and America is not ready. We desperately need a top-to-bottom review of our cyber posture,” said Sasse. “We lack a doctrine that defines how, when, and where we play offense and defense. We don’t have a playbook. It’s time to draft one.”
According to a fact sheet, the commission would consider how best to protect and defend the U.S. against cyber threats in the political, national security, and commercial realms, with options including deterrence and cyber persistence. It would also weigh how to best organize and establish cyber efforts within the government, among other duties.
The “solarium” model is based on a classified project from 1953, a time when the U.S. lacked consensus on its strategy toward the Kremlin, just as it lacks a unified cyber framework for dealing with Russia and other cyber adversaries today. In an effort to address that uncertainty, President Dwight Eisenhower established “Project Solarium.” The undertaking pitted three teams of experts against one another, with members like George Kennan. The trio engaged in a competition to craft grand strategy visions, and eventually presented Eisenhower with fleshed out options for containment, deterrence, and rollback.
Today the U.S. is similarly facing fundamental questions about cyber strategy, says Klon Kitchen, Sasse’s former national security adviser and now an expert at the Heritage Foundation.
“Are we trying to deny certain groups, certain countries, certain actors, a capability? That’s going to be one type of strategy and will require one type of investment,” he said. “Are we simply trying to insulate ourselves from the most catastrophic attacks, but largely going to let everything else evolve as it as it would naturally? That’s a different strategy.”
Classifying acts of war in cyberspace is also still an open question, he added. Today’s threats, according to a press release for the project, are murkier and more complicated than those of the 20th century, which “makes the imperative for a new “Cyber Solarium” greater.”
A provision in last year’s national defense authorization bill required the administration to develop a national policy on cyberspace, cybersecurity, and cyberwarfare, and made funding for the White House communications shop contingent on the submission of that report. The president reacted angrily to the amendment, describing the funding restriction as “unprecedented and dangerous.” The administration sent Congress a report last month. The Department of Homeland Security, which has taken the lead on election security, also released a cybersecurity strategy in mid-May.
But Kitchen says that administration-drafted strategies have failed to address the fundamental lack of a U.S. cyber doctrine. The commission, he said, should ideally produce a transcendent grand strategy for cybersecurity. It should act as a guiding star for America’s top-class technical cyber capacity.
“If you look at the DoD or any of the other cyber strategies, you’ll see that they’re an inch-deep. They are boilerplate,” he said. “They don’t really get us to a place where we’ve set a kind-of national grand strategy on this domain or with this capability.”
In the end, he added, the commission’s final product should shape national thinking on cybersecurity doctrine for this administration and those to come. “In the same way that containment transcended multiple administrations, we ought to be able to come up with something that transcends administrations,” he said.
Sasse’s pending amendment comes after the Trump administration’s top spy chief warned that the U.S. is “under attack by entities that are using cyber to penetrate virtually every major action that takes place in the United States.” The intelligence community assessed this year that Russia “will conduct bolder and more disruptive cyber operations” over the next year. Intelligence officials have also agreed that the U.S. has not done enough in response to Russia’s cyber attacks.
Secretary of State Mike Pompeo in April described spread of cyber responsibilities across agencies as a difficulty.
“Every element of government has a piece of its cyber duty. One of the challenges is that it’s so deeply divided that we don’t have a central place to do cyber work,” he told lawmakers at his confirmation hearing. “At the CIA … we spend a great deal of resources. I hope we’ve delivered value on our cyber efforts. I would hope to do the same thing at the State Department.”
The State Department this week released cyberspace recommendations to the president as required by an executive order last May.
https://www.weeklystandard.com/jenna-lifhits/sasse-project-seeks-to-establish-cyber-doctrine
