The Defense Departments warns in a new organizational document that the United States cannot win the global battle over cyber security due the overwhelming complexity of the issue and the rapidly changing landscape in cyberspace, according to the document.
The Joint Chiefs of Staff, in a new organizational guidance issued earlier this month, assessed the United States will never be able to fully achieve dominance in the cyberspace realm, but that officials are working on a series of plans to boost the country's offensive and defensive capabilities in this realm.
"Permanent global cyberspace superiority is not possible due to the complexity of cyberspace," the report states. "Even local superiority may be impractical due to the way IT is implemented; the fact U.S. and other national governments do not directly control large, privately owned portions of cyberspace; the broad array of state and non-state actors; the low cost of entry; and the rapid and unpredictable proliferation of technology."
The assessment provides a realistic grounding for the United States' limited ability to dominate the cyber realm as private hacker groups and rogue nations seek to exploit critical U.S. government systems and those of private industry.
Military "commanders should be prepared to conduct operations under degraded conditions in cyberspace," the report warns, emphasizing limitations on the military's cyber capabilities.
Difficulty in combatting cyber attacks on the United States are attributed to the ability of hacker groups and nations to obfuscate the precise location and nature of attacks, preventing the United States from striking back.
"The ability to hide the sponsor and/or the threat behind a particular malicious effect in cyberspace makes it difficult to determine how, when, and where to respond," according to the report. "The design of the internet lends itself to anonymity and, combined with applications intended to hide the identity of users, attribution will continue to be a challenge for the foreseeable future."
The Defense Department is putting increased pressure on military commanders to consider cyberspace as part of their operations and realistically calculate the impact to operations posed by an offensive strike on America.
"Once one segment of a network has been exploited or denied, the perception of data unreliability may inappropriately extend beyond the compromised segment due to uncertainty about how networks interact," the document explains. "Therefore, it is imperative commanders be well informed of the status of the portions of cyberspace upon which they depend and understand the impact to planned and ongoing operations."
The plurality of threats from across the globe pose increased challenges to the American military's ability to take the lead in these cyber wars.
"Cyberspace presents the JFC's operations with many threats, from nation-states to individual actors to accidents and natural hazards," according to the document.
"To initiate an appropriate defensive response, attribution of threats in cyberspace is crucial for any actions external to the defended cyberspace beyond authorized self-defense," the report notes. "In cyberspace, there is no stateless maneuver space. Therefore, when U.S. military forces maneuver in foreign cyberspace, mission and policy requirements may require they maneuver clandestinely without the knowledge of the state where the infrastructure is located."
The private nature of Internet service providers (ISPs) and commercial assets further complicates the Defense Department's efforts in this realm.
"The prosperity and security of our nation are significantly enhanced by our use of cyberspace, yet these same developments have led to increased exposure of vulnerabilities and a critical dependence on cyberspace, for the US in general and the joint force in particular," the report notes.