Partners Wary Of DoD Cyber Security Plan


The comprehensive cyber security strategy outlined by the U.S. Department of Defense last week might be well a well-intentioned effort to counteract cyber attacks, but channel partners say that the document will likely be ineffective at best, and could potentially weaken the reseller community at worst.

The U.S. Department of Defense released a comprehensive cyber strategy last Friday aimed at hardening the nation’s computer systems from cyber attacks, and deeming cyberspace as another “operational domain” that the military will be trained to defend.

The 19-page document, titled the “Department of Defense Strategy for Operating in Cyberspace,” stipulates that cyber space be a domain protected by the U.S. military in the same way it defends land, sea and air, and called for new ways to bolster defenses for critical cyber infrastructure, while developing new weapons to retaliate against U.S. adversaries launching cyber attacks.

“The cyber threats we face are urgent, sometimes uncertain and potentially devastating as adversaries constantly search for vulnerabilities,” said William Lynn, deputy secretary for defense, in a statement . “Our infrastructure, logistics network and business systems are heavily computerized. With 15,000 networks and more than seven million computing devices, DoD continues to be a target in cyberspace for malicious activity.”

However, so far, solution providers maintain that while well intentioned, the government’s cyber security plan -- outlined in five key initiatives -- is too vague, lacks enforcement and likely won't warrant an immediate uptick of future business.

One security-focused channel partner took exception to the first initiative that redefines “cyberspace as an operational domain to organize, train, and equip so that DoD can take full advantage of cyberspace’s potential.”

“They’re talking about protecting cyber space the way they do land and sea and air. So who’s creating the next B1 hacker airplane?” said David Sockol, CEO of Santa Clara, Calif.-based Emagined Security. “Everybody is going to have to wait and see.”

In fact, Sockol contended that government’s cyber security initiative could in fact weaken the knowledge base of reseller community by migrating cultivated private-sector talent to the federal sector.

Sockol pointed to the fifth initiative outlined in the document calling for the government to “Leverage the nation’s ingenuity through an exceptional cyber workforce and rapid technological innovation.”

“So you’re ready to finally hire experts and train experts. That’s well and good,” Sockol said. “But that hurts the reseller community if the government is going to try to steal the talent that we’ve been working so hard to grow.”

Sockol also called out the document’s provision stipulating that it would enable the federal government to purchase and implement cyber security infrastructure within a 12-month timeframe.

“It’s moving in the right direction for them, but 12 months to buy a new technology? We need to react in days and weeks, not in terms of months, years and decades,” Sockol said.

However, the cyber strategy plan could potentially be used as a tool to help raise awareness, which could ultimately affect the channel, albeit indirectly, some partners say.

Jonathan Dambrot, managing partner at Warren, N.J.-based Prevalent Networks, said he was uncertain if the government’s new cyber security policy would "have teeth," but said that if anything, the government’s emboldened stance on cyber security represented a collective growing awareness around the issue.

“Even without any cyber security plan, we are seeing literally a breach announcement an hour. The reality is, I think people are talking about it,” he said. “They say, 'am I susceptible to this type of a breach in my environment, and can you help us?' There are a lot of those conversations. “

Next: Cyber Strategy Lacks Teeth, Enforcement