Proposal could be simplistic "chest beating," or an indication of how serious the United States is about defending its networks.
The director of the National Security Agency said on Wednesday that the United States should develop a policy to protect cyberspace based on the nearly 200-year-old Monroe Doctrine, which declared that any effort to interfere with nations in the Western Hemisphere would be viewed as "dangerous to our peace and safety."
During a hearing of the House Armed Services' Terrorism and Unconventional Threats Subcommittee, Rep. Jim Cooper, D-Tenn., asked NSA Director Lt. Gen. Keith Alexander if he thought the United States should develop a "cyber Monroe Doctrine."
Alexander, who also serves as commander of the Defense Department's recently formed Joint Functional Component Command for Network Warfare, replied, "Yes, I think we need a cyber Monroe Doctrine," but he did not elaborate.
Not all cybersecurity professionals view applying a Monroe Doctrine to cyberspace as plausible. Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists, said a cyber version of the doctrine, which viewed any European intervention in the United States' sphere of influence as an act of aggression, as a "chest-beating" statement on how the United States could react to a cyberattack.
"I don't think this is the right approach," he said. "It's a slogan, not strategic thought."
But Alexander could be floating the idea of a Monroe-like doctrine for cyberspace to indicate "how serious [he is] about the issue," Aftergood added.
Alexander told the hearing that the United States should extend its cyber-defensive perimeter beyond its gateways on U.S. soil, which currently protect Defense networks. He said a "castle-moat" approach to network defense would not work if it faced a massive denial-of-service attack mounted by an army of botnets. Instead, the United States must defend against a cyberattack by going after the botnets "at their point of origin," Alexander said.
The Obama administration is coming to an end of a 60-day review on development of a national cyber security strategy, which the Homeland Security Department is expected to play a large role.
DHS "has room to grow to catch up with DoD" in its efforts to defend government Web sites, but the department could rely on Defense's technical expertise, Alexander told the panel.
Defense has been working with its contractors to secure their networks to protect unclassified information relevant to Pentagon research, development and procurement, said Robert Lenz, deputy assistant secretary of Defense for cyber, identity and information assurance.
Defense quietly established a program to share cyber threat information with its contractors, the National Journal reported on April 30. Lentz told the hearing that a pilot project that Defense launched in 2008 is designed to share cyber threat and vulnerability information with contractors.