DOD, Partners Better Prepared for Cyber Attacks

WASHINGTON, Oct. 18, 2011 — The Defense Depart­ment and its part­ners at home and world­wide are much bet­ter pre­pared to deal with cyber attacks than they were in 2008, the DOD cyber pol­i­cy direc­tor said yes­ter­day.

Steve Schleien, prin­ci­pal direc­tor for cyber in the office of the under­sec­re­tary of defense for pol­i­cy, spoke with Amer­i­can Forces Press Ser­vice and the Pen­ta­gon Chan­nel dur­ing Cyber Secu­ri­ty Aware­ness Month.

“We are much bet­ter pre­pared than we were in 2008 when Oper­a­tion Buck­shot Yan­kee occurred,” Schleien said, refer­ring to the most sig­nif­i­cant breach ever of U.S. mil­i­tary com­put­ers.

That major com­pro­mise of DOD’s clas­si­fied com­put­er net­works led to the 2009 cre­ation of U.S. Cyber Com­mand, part of the Strate­gic Com­mand, to cen­tral­ize cyber­space oper­a­tions, orga­nize cyber resources and syn­chro­nize the defense of U.S. mil­i­tary net­works.

It also led to Pres­i­dent Barack Obama’s May 16 launch of an inter­na­tion­al strat­e­gy for cyber­space and the Defense Department’s July 14 release of its relat­ed strat­e­gy for oper­at­ing in cyber­space.

The DOD strat­e­gy out­lined a new way for­ward for the department’s mil­i­tary, intel­li­gence and busi­ness oper­a­tions.

Cyber defense improve­ment, Schleien said, has come from “hav­ing the strat­e­gy in place, hav­ing the Cyber Com­mand and the ser­vice cyber com­po­nents tak­ing a seri­ous look at day-in, day-out coor­di­na­tion of cyber defens­es, [and] the knowl­edge we have of what our adver­saries are doing and how to deal with it.”

The department’s unclas­si­fied net­works nev­er will be per­fect­ly safe, he added.

“We have to be able to oper­ate with that in mind but we’ll work with the Depart­ment of Home­land Secu­ri­ty, with our pri­vate-sec­tor part­ners … and with our inter­na­tion­al part­ners [to] increase DOD cyber secu­ri­ty, and hope­ful­ly do the same for our part­ners.”

One such effort is called the Defense Indus­tri­al Base, or DIB, Cyber Pilot, a pro­gram that helps cer­tain indus­try com­pa­nies pro­tect defense-relat­ed infor­ma­tion on their com­put­er net­works from the most seri­ous intrud­ers.

“First, we have a pre-exist­ing cyber secu­ri­ty and infor­ma­tion assur­ance pro­gram with a small num­ber of DIB com­pa­nies to help us exchange net­work secu­ri­ty infor­ma­tion with them on an unclas­si­fied basis,” Schleien said.

“What we’ve done in this cyber pilot that fin­ished up in Sep­tem­ber is to take a small­er set of DIB com­pa­nies and try to bring clas­si­fied sig­na­tures, or infor­ma­tion that real­ly is in the domain of the gov­ern­ment and DOD, to help pro­tect their net­works from high­er-lev­el adver­saries.”

The main part of the pilot was com­plet­ed in Sep­tem­ber, he added, but DOD has extend­ed it for 60 days to allow an inde­pen­dent eval­u­a­tor to deter­mine the program’s suc­cess. In that time, depart­ment offi­cials will dis­cuss the results with oth­er fed­er­al part­ners.

DOD and DHS tight­ened their cyber col­lab­o­ra­tion in 2010 when the agen­cies signed an agree­ment to pro­vide per­son­nel, equip­ment and facil­i­ties in mutu­al sup­port of strate­gic plan­ning for cyber secu­ri­ty, and to joint­ly devel­op capa­bil­i­ties and syn­chro­nize cyber mis­sion activ­i­ties.

“We’re using the DIB cyber pilot as a test case for how we can pro­vide a high­er lev­el of cyber secu­ri­ty to crit­i­cal infra­struc­ture sec­tors in the defense indus­tri­al base,” Schleien said.

“We are work­ing the pilot hand in hand with DHS so that [they] can use any lessons learned with oth­er crit­i­cal infra­struc­ture sec­tors,” he added, such as the elec­tric grid or the nation­al trans­porta­tion sys­tem.

“We and DHS have com­mit­ted to a very deep work­ing rela­tion­ship on cyber secu­ri­ty [and] have cre­at­ed a joint ele­ment at Fort Meade [in Md.] to share a com­mon oper­at­ing pic­ture, to work on oper­a­tions views to make sure we under­stand what the oth­er is doing and shar­ing tech­niques on how to deal with the cyber threat.”

DOD also works close­ly with inter­na­tion­al part­ners on cyber secu­ri­ty strat­e­gy and oper­a­tions, Schleien said.

One of the points made in Obama’s Inter­na­tion­al Strat­e­gy for Cyber­space, he added, “was that if there’s a hos­tile act in cyber­space against the Unit­ed States or one of our allies, we … will treat it as we would any oth­er hos­tile act in one of the oth­er domains.”

To pre­pare a coor­di­nat­ed response to future cyber attacks, DHS works with DOD and indus­try through the Nation­al Cyber Inci­dent Response Plan, which pro­vides pro­to­cols and pro­ce­dures in the event of a cyber inci­dent, Schleien said.

“We also exchange per­son­nel at our oper­a­tions cen­ters,” he added, “to ensure that we have a com­mon oper­at­ing pic­ture.”

In the case of an attack on the elec­tric grid, for exam­ple, DHS would bring togeth­er senior offi­cials to deter­mine the best way to mit­i­gate the attack, and deter­mine which depart­ments and agen­cies have the best tools for it.

The Unit­ed States also would try to attribute the attack or inci­dent to a spe­cif­ic adver­sary, Schleien said.

For com­put­er attacks, attri­bu­tion can be dif­fi­cult, he added, but an inter­a­gency group with law enforce­ment author­i­ties works togeth­er on such foren­sics.

For DOD, the Defense Cyber­crime Cen­ter has “an out­stand­ing cyber foren­sics capa­bil­i­ty,” Schleien said.

“The chal­lenge of attri­bu­tion is one that we are work­ing on, but it is much dif­fer­ent than what we’re famil­iar with in oth­er domains,” he added.

U.S. pol­i­cy holds that the Law of Armed Con­flict applies to cyber­space, the prin­ci­pal direc­tor said.

This means that a response to any kind of hos­tile cyber act would have to be pro­por­tion­al to the attack, dis­crim­i­nat­ing in terms of tar­get­ing law­ful com­bat­ants, and nec­es­sary to accom­plish a legit­i­mate mil­i­tary objec­tive.

“That will com­pli­cate our response action on mak­ing sure our response is con­sis­tent with the Law of Armed Con­flict, he said, ” … and we will take that very seri­ous­ly as we think about any response actions. But attri­bu­tion is a chal­lenge that we haven’t ful­ly met yet.”

Schleien added, “We would do the best we can to give the pres­i­dent options.”

Source:
U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs)

Team GlobDef

Team GlobDef

Seit 2001 ist GlobalDefence.net im Internet unterwegs, um mit eigenen Analysen, interessanten Kooperationen und umfassenden Informationen für einen spannenden Überblick der Weltlage zu sorgen. GlobalDefenc.net war dabei die erste deutschsprachige Internetseite, die mit dem Schwerpunkt Sicherheitspolitik außerhalb von Hochschulen oder Instituten aufgetreten ist.

Alle Beiträge ansehen von Team GlobDef →