Part II
Mission and Institutional Perspectives

Part II contains three different mission perspectives. Chapter 3 addresses military perspectives on cyberattack, largely from the point of view of the Department of Defense. Chapter 4 addresses intelligence perspectives on cyberattack (for conducting covert action) and cyberexploitation (for obtaining information). Chapter 5 addresses federal law enforcement perspectives on cyberattack and cyberexploitation and considers how the private sector might view cyberattack as an element of its defensive posture. These chapters depict in outline form how various institutions both inside and outside government have conceptualized or may in the future conceptualize the use of cyberattack and cyberexploitation technologies.

Regrettably, the picture that emerges from these chapters is fragmented and incomplete—largely because national policy with respect to cyberattack is fragmented and incomplete. The secrecy that surrounds policy in this area has further worsened the coherence of the overall picture. On the other hand, it is often true that with a new and easily available technology (the technology of cyber offensive actions), interests among a variety of different institutional actors in using this technology have arisen from the bottom up—from those with operational missions. In the early stages of technology adoption, some actors consider how the technology of cyber offensive actions might support or better enable the performance of their traditional missions—and others ignore it. The bottom-up nature of technology adoption in such cases inevitably leads to adoptions at different rates and for relatively parochial purposes, and



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 159
Part II Mission and Institutional Perspectives Part II contains three different mission perspectives. Chapter 3 addresses military perspectives on cyberattack, largely from the point of view of the Department of Defense. Chapter 4 addresses intelligence perspectives on cyberattack (for conducting covert action) and cyberex- ploitation (for obtaining information). Chapter 5 addresses federal law enforcement perspectives on cyberattack and cyberexploitation and con- siders how the private sector might view cyberattack as an element of its defensive posture. These chapters depict in outline form how various institutions both inside and outside government have conceptualized or may in the future conceptualize the use of cyberattack and cyberexploita- tion technologies. Regrettably, the picture that emerges from these chapters is frag- mented and incomplete—largely because national policy with respect to cyberattack is fragmented and incomplete. The secrecy that surrounds policy in this area has further worsened the coherence of the overall picture. On the other hand, it is often true that with a new and easily available technology (the technology of cyber offensive actions), interests among a variety of different institutional actors in using this technology have arisen from the bottom up—from those with operational missions. In the early stages of technology adoption, some actors consider how the technology of cyber offensive actions might support or better enable the performance of their traditional missions—and others ignore it. The bottom-up nature of technology adoption in such cases inevitably leads to adoptions at different rates and for relatively parochial purposes, and 

OCR for page 159
0 TECHNOLOGY, POLICY, LAW, AND ETHICS OF U.S. CYbERATTACK CAPAbILITIES so the fragmentation of policy and organization today is not entirely surprising. Nevertheless, the committee believes there is value in setting forth a notional view of how these institutions might conceptualize the uses of cyberattack, the associated decision-making structures, and the infra- structure needed to support the use of cyberattack as an instrument in their toolkits. If nothing else, the availability of a notional view provides a framework against which to react and within which to pose questions about what might be missing. These comments should be kept in mind as these chapters are read. Part II also contains Chapter 6, a description of decision-making and oversight mechanisms in both the executive and the legislative branches that are relevant for cyberattack. Considering these mechanisms from a top-down perspective is intended to provide some points of reference that can help to identify what is missing from the picture painted by Chapters 3, 4, and 5.