Never fight a land war in cyberspace

Marcus Ranum from his October, 2013 appearance at AusCERT.

“In cyberspace the only defense is a strong defense.”


Modern military doctrine is rooted in the idea that the best defense is a strong offense.

As a result…

“The militaries of the world have this creeping dread that they have become irrelevant.”

Which, of course, they have.

Ranum concludes that “Cyberspace is not a military domain.”

Cyber War is the wrong term. The right term is Computer Security. Except for two narrow exceptions:

1. Espionage (information gathering for a strategic purpose)
2. Low Intensity Conflicts (disruption with a strategic aim)


The more I reflect on what Ranum says in this talk, the more convinced I am that computer security needs to be taken out of the hands of the military (including the NSA, which is part of the US DoD) and put in the hands of a specialized civilian agency whose sole purpose is strategic cyber defense. Ironically, in a U.S. context I think that means taking US-CERT away from Homeland Security (the quintessential failed government agency) and putting it under the Department of Commerce where it will be more accountable to the businesses and the public it should be serving.

