The U.S. military is very good at running its supply chain and redirecting the gun barrel to cover new targets or customers when necessary.
It is a telling sign of the U.S. military's unwillingness to take on the responsibility of cyberwar that it has failed for 21 solid years to respond successfully to warning s it had a huge hole in its digital defenses.
Successful armies don't let big holes remain in their defenses for 21 years.
Successful armies spend most of their time fixing up their main defenses and in making themselves brave enough and well equipped enough to roll out on the field where a stranger's tanks can shoot at them. They' don't sit in an operations center, on hair-trigger alert to squash a SQL injection attack or port scan or spear-phishing attempt.
That's not what it has been practicing to do for 200 years or what it and each individual member of it has had to become to accomplish its goals – goals that require very specific emotional, instinctual and organizational adaptations.
It's oxymoronic to say it, but the extreme adaptations needed by those chosen by an otherwise peaceful society to do what killing is necessary are not easy to reverse or reorient to the point of considering an sustained DDOSing as being just as valid an attack as an artillery barrage.
It may be time to consider having someone other than the military take over primary responsibility for attack and defense of the United States in cyberspace, despite the often sincere effort of many in the military to duct-tape good cyberwar capabilities onto an organization exquisitely well designed to deliver death and destruction at a great distance for a long, long time in the face of fierce opposition rather than sit in a chair with its forehead stuck to a screen.
You don't need a giant naval gun to fight off the Ravening Hordes from Some Other Mom's Basement. They might be fun, but they're not really helpful.
You need to stay up late at night, eat pizza, drink caffeine and keep poking at someone else's servers until they roll over and give up the root.
The DoD wants its server pokers to get up early in the morning, go for a run and speak in military gibberish rather than speaking good, old-fashioned Geekish.
I'm not sure it's a language the Pentagon even knows how to translate without misinterpreting because it doesn't understand the context. The cultural differences are vast.
The GAO makes clear that the Pentagon is way out of its depth in the effort to build a credible cyberwar capability. It's not clear to me whether it will ever be able to swim its way out, or learn how to do more than just tread water while the bad guys zoom around in Somali pirate boats.
I wonder if it's time to let someone else have a crack at defending the U.S. against cyberattack.
Sandia National Labs.