I’m Pro-Cyber Command
The folks over at Errata Security have a blog post about Cyber Commands failing. They make some really good points, but they are missing a few things.
On the offensive side, they’ve hit the nail on the head. Hacking is asynchronous and to do it on command will be difficult. The one aspect left out of their article is a DDoS attack capability. We may already have this capability, but its probably classified. Russia used DDoS effectively against Georgia last year, so hopefully that opened some eyes.
On the defensive side, we most definitely need a central cyber command. We do have some standards organizations and policies, but the mandates are too loose and there’s not much oversight. There needs to be a huge push for software security. I think the government does a decent job with network security, they just need to extend that ability to contractors. A central cyber command with the charge of defending the United States against cyber attacks is crucial.