Presentation to the Patterson School of Diplomacy at the University of Kentucky on cultural legacies and cyber security strategy, based on an article I published in Survival.

1. Strategic Culture and
Cyber Security
Patterson School of Diplomacy
& International Commerce
9 April 2012
W. Alexander Vacca, Ph.D.
Corporate Director- Business Assessment
The views herein are strictly those of the presenter. They do not necessarily reflect the view of Northrop Grumman, its employees, customers, or shareholders.

2. How Culture Matters
• Shared among groups of individuals
– Cross cuts organizational and national boundaries
– Cross cuts generations
– Cross cuts personal experiences
• Provides the “evoked set” of relevant analogies and metaphors
– Guides the search for relevant information
– Suggests the motives of other actors
– Suggests cause-effect relationships
– Implies probability of policy success or failure
– Constrains the search for policy options
• Shapes the processing of new information
The views herein are strictly those of the presenter. They do not necessarily reflect the view of Northrop Grumman, its employees, customers, or shareholders.
2

3. Two Approaches to Warfare
Mahan Douhet
The Commons Possess Transverse
Offense / Defense Balanced Fleet Best Defense is Offense
Force Targeting Military Civil & Industrial
“Moral” Effects Secondary Crucial
Climax of War Defeat the Fleet Obliterate the Cities
The views herein are strictly those of the presenter. They do not necessarily reflect the view of Northrop Grumman, its employees, customers, or shareholders.
3

4. Mahan: From SLOC to CLOC
• The modern economy is dependent upon the “Cyber Lines of
Communication” (CLOC).
• Build a force capable of ensuring freedom of the CLOC. Focus efforts
on defeating enemy actions within cyberspace, including building a
robust defense.
The views herein are strictly those of the presenter. They do not necessarily reflect the view of Northrop Grumman, its employees, customers, or shareholders.
4

5. Douhet: Victory Through Cyber Power!
• Pass through cyberspace to conduct decisive kinetic operations
• Defense is a low priority, maintain the ability to conduct cyber offense
and achieve cyber deterrence
• Civil and industrial targeting can break the will and ability of an enemy
to fight
• Pay close attention to the links between cyber means and kinetic
effects
The views herein are strictly those of the presenter. They do not necessarily reflect the view of Northrop Grumman, its employees, customers, or shareholders.
5

6. Cyber Security in the USAF Today
“Cyber, as a warfighting domain . . . like
air, favors the offense. If you’re defending in
cyber, you’re already too late. Cyber delivers on
the original promise of air power. If you don’t
dominate in cyber, you cannot dominate in
other domains. If you’re a developed
country, you can’t conduct daily life [after a
large scale cyber attack], your life comes to a
screeching halt.”
- Lani Kass (Director USAF Cyberspace Taskforce), 2007
The views herein are strictly those of the presenter. They do not necessarily reflect the view of Northrop Grumman, its employees, customers, or shareholders.
6

7. The Rise of Cyber Deterrence
• Deterrence is comforting and familiar
– For Policymakers: a peaceful and successful Cold War
– For the Military: support for military spending
– For Analysts: a framework well studied and specified
• But is it applicable?
– Myriad of cyber actors
– Multiple motives for cyber actions
– Problems of attribution
– Linking deterrent penalties to deterrent triggers
• Students of strategic studies and the “Culture of Deterrence”?
The views herein are strictly those of the presenter. They do not necessarily reflect the view of Northrop Grumman, its employees, customers, or shareholders.
7

8. Some Policy Implications
• Knowledge about the roots of analytical perspectives (ie, knowing your
history) provides insight into the logic of others.
• Beware the logic of policy metaphors and analogies (“e-
Katrina”, “Cyber Pearl Harbor”).
• Bring multiple cultural perspectives to bear on problems of national
importance (especially new problems).
The views herein are strictly those of the presenter. They do not necessarily reflect the view of Northrop Grumman, its employees, customers, or shareholders.
8

9. For Further Discussion…
Gluttons for punishment are advised to consult:
Vacca, W. Alexander. “Military Culture and Cyber Security,”
Survival 53:6 (December 2011), pages 159-176
The views herein are strictly those of the presenter. They do not necessarily reflect the view of Northrop Grumman, its employees, customers, or shareholders.
9