WASHINGTON, July 15, 2011 — The cyber threat the United States faces is increasing in severity and is accessible to a wide range of enemies, Deputy Defense Secretary William J. Lynn III said in a television interview broadcast last night.
“Most of what we see today is exploitation — that’s theft, stealing secrets, either commercial or military,” Lynn told Ray Suarez on “PBS Newshour.” “[But] we know the tools exist to destroy things, to destroy physical property, to destroy networks, to destroy data, maybe even take human lives.”
Lynn said nation-states currently are the sole possessors of sophisticated cyber tools, but the capability will spread over time.
“It’s going to migrate to rogue states, and it’s going to migrate to, eventually, terrorist groups,” he said. “At some point, you’re going to see a marriage of capability and intent, and that is what we should truly worry about.”
DOD is working both to defend its own networks and support the Department of Homeland Security’s mission to protect systems important to national security, Lynn said.
Pentagon officials yesterday released the Defense Department’s first strategy aimed at countering the cyber threat. The strategy document charts the increase of Internet usage since 2000, when there were 360 global users, to 2010’s 2 billion. DOD alone has 15,000 networks and more than 7 million computing devices.
“In the first instance, we’re protecting those military capabilities,” Lynn said. “But we need to go further. Working through the Department of Homeland Security, we need to think about how we might use better defensive capabilities to protect … the power grid, the transportation network, the financial sector.”
DOD is not committing to protecting the entire Internet, Lynn said.
“We’re talking with our allies about how we have a collective defense,” he said. “We’re working with them to share technologies, to share understandings of the threat, so that we have a collective defense approach to this important problem.” Most cyber attacks happening now are malicious activity, some are criminal, and some reach the level of espionage, Lynn said.
“We have seen a few cases … where it goes above that and degrades networks themselves,” he said, noting the 2007 attack on Estonia and the 2008 cyber assault on the republic of Georgia.
Defending the cyber domain requires a new way of thinking, Lynn said.
“It’s different than land, sea, air and space,” he noted. “It’s largely privately owned. It crosses borders. It doesn’t respect sovereignty. And the speed at which it moves, keystrokes on one side of the globe can have an impact on the other in the blink of an eye.”
U.S. Cyber Command is responsible for organizing DOD’s efforts in the cyber domain, the deputy secretary said.
“They’re out hiring people, both in uniform and as civilians, with … [the] cyber skills that we need,” he added. “They’re different kinds of skills than we might need with conventional soldiers, but they’re equally important.”
DOD doesn’t monitor or scan commercial networks in the United States, Lynn said.
“We’re trying to work with the appropriate agencies, the FBI, with law enforcement, the Department of Homeland Security, for protection of critical infrastructure to provide capabilities … that the Defense Department has that might be used for those critical missions,” he said. “But we don’t have the primary role.”
U.S. Department of Defense
Office of the Assistant Secretary of Defense (Public Affairs)