Never fight a land war in cyberspace

Marcus Ranum from his October, 2013 appearance at AusCERT.

“In cyberspace the only defense is a strong defense.”


Modern military doctrine is rooted in the idea that the best defense is a strong offense.

As a result…

“The militaries of the world have this creeping dread that they have become irrelevant.”

Which, of course, they have.

Ranum concludes that “Cyberspace is not a military domain.”

Cyber War is the wrong term. The right term is Computer Security. Except for two narrow exceptions:

1. Espionage (information gathering for a strategic purpose)
2. Low Intensity Conflicts (disruption with a strategic aim)


The more I reflect on what Ranum says in this talk, the more convinced I am that computer security needs to be taken out of the hands of the military (including the NSA, which is part of the US DoD) and put in the hands of a specialized civilian agency whose sole purpose is strategic cyber defense. Ironically, in a U.S. context I think that means taking US-CERT away from Homeland Security (the quintessential failed government agency) and putting it under the Department of Commerce where it will be more accountable to the businesses and the public it is should be serving.

This entry was posted in Editorial, Security on by .

About phil

My name is Phil Lembo. In my day job I’m an enterprise IT architect for a leading distribution and services company. The rest of my time I try to maintain a semi-normal family life in the suburbs of Raleigh, NC. E-mail me at philipATlembobrothersDOTcom. The opinions expressed here are entirely my own and not those of my employers, past, present or future (except where I quote others, who will need to accept responsibility for their own rants).