Too much information on cybersecurity vulnerabilities is classified, and it is much easier to learn about kinetic threats from federal agencies than to learn about cyber threats, according to the former head of the CIA.
Writing for the Air Force“™s Strategic Studies Quarterly, retired four-star Gen. Michael Hayden discussed the future of all things cyber, starting off with the topic of whether cyber is a domain.
“Like everyone else who is or has been in a US military uniform, I think of cyber as a domain,” Hayden wrote. “It is now enshrined in doctrine: land, sea, air, space, cyber. It trips off the tongue, and frankly I have found the concept liberating when I think about operationalizing this domain.”
But whereas the other domains are “natural, created by God,” cyberspace is man made, Hayden pointed out. This geography can be changed, and anything that happens there creates a change in someone“™s physical space, he said.
“Are these differences important enough for us to rethink our doctrine?” Hayden asked and added that some in the federal government believe treating cyber as a separate domain is just a way to “cleverly mask serious unanswered questions of sovereignty when conducting cyber operations.”
Hayden also discussed the issue of how too much of the information about cyber vulnerabilities is classified.
“This stuff is overprotected,” he wrote. “It is far easier to learn about physical threats from U.S. government agencies than to learn about cyber threats. ”
Hayden said there needs to be better definitions of what is truly secret; however, the most pressing demand is clear policy, formed by shared consensus, shaped by informed discussion, and created by a common body of knowledge because without that, the policy vacuum continues.
“This will not be easy, and in the wake of WikiLeaks it will require courage; but, it is essential and should itself be the subject of intense discussion,” he said. “Who will step up to lead?”