Mitchell Institute Releases New Entry in Forum Series:
Organizing for Cyber Resilience: Rethinking the Balance Between Prevention and Response

ARLINGTON, VA (October 10, 2018) —The Mitchell Institute for Aerospace Studies is pleased to announce the release of its latest Mitchell Forum paper, “Organizing for Cyber Resilience: Rethinking the Balance Between Prevention and Response,” by Col W. Mark Valentine, USAF (Ret.).

Cybersecurity is once again in headlines. A new White House cyber strategy released in September promises a more offensive response to cyber threats and cyber attacks whether from criminals or nation states. However, Valentine notes that debates on cyber defense and security that are often dominated by turf battles between agencies over responsibilities and proposed response options often “address the wrong choices.” Valentine, a former F-16 pilot, commander, and staff officer who now works with the Microsoft Corporation’s efforts to support the US Army, notes this outcome is a result of incorrectly identifying the true nature of the cyber environment. Better solutions are only possible when “policymakers recognize the complex nature of the cyber system and appropriately consider lessons from the fields of complexity theory and natural security.”

Referencing the ideas of management theorist David Snowden, Valentine notes that attempts to centralize cyber authorities and responsibilities in federal agencies such as the Department of Homeland Security and the Department of Defense fail to recognize the cyber environment as a “complex system,” one that government cannot completely secure regardless of resources. Centralization and static security efforts also negate an important lesson from nature about complex systems, as articulated by the ecologist and scientist Rafe Sagarin, that suggests employment of decentralized tools and agents leads to improved adaptability and resilience. Specifically, the DHS, the DOD, and the US government “should expand its efforts to integrate private sector capabilities into the cyber operational environment,” he adds. In addition, the US government should also seek to engage private sector cyber volunteers, who could aid in cyber defense by responding to challenges rather than directives, freeing up limited public resources elsewhere. This approach is much like the DHS and the Federal Emergency Management Agency has done with groups in response to natural disasters and other catastrophic domestic emergencies. “Nature is replete with examples of resilience gained through the adaptation strategies of decentralization, redundancy, and symbiosis,” Valentine notes. The US can implement these strategies by focusing more of the current cybersecurity emphasis towards capabilities such as rapid response, and pursuing better integration with private sector groups. “The alternative… is to continue chasing invulnerability, and starting from scratch after an inevitably large-scale failure,” Valentine concludes.

The Mitchell Forum series provides a venue for authors with ideas, concepts, and thoughts on national defense and aerospace power to engage with current and emerging policy debates and issues.

For more information on the series, and inquiries about submissions, contact Mitchell’s Director of Publications Marc V. Schanz at mschanz@afa.org or visit our website, at www.mitchellaerospacepower.org.

Share Article