DOD, Partners Better Prepared for Cyber Attacks

WASHINGTON, Oct. 18, 2011 — The Defense Department and its partners at home and worldwide are much better prepared to deal with cyber attacks than they were in 2008, the DOD cyber policy director said yesterday.

Steve Schleien, principal director for cyber in the office of the undersecretary of defense for policy, spoke with American Forces Press Service and the Pentagon Channel during Cyber Security Awareness Month.

“We are much better prepared than we were in 2008 when Operation Buckshot Yankee occurred,” Schleien said, referring to the most significant breach ever of U.S. military computers.

That major compromise of DOD’s classified computer networks led to the 2009 creation of U.S. Cyber Command, part of the Strategic Command, to centralize cyberspace operations, organize cyber resources and synchronize the defense of U.S. military networks.

It also led to President Barack Obama’s May 16 launch of an international strategy for cyberspace and the Defense Department’s July 14 release of its related strategy for operating in cyberspace.

The DOD strategy outlined a new way forward for the department’s military, intelligence and business operations.

Cyber defense improvement, Schleien said, has come from “having the strategy in place, having the Cyber Command and the service cyber components taking a serious look at day-in, day-out coordination of cyber defenses, [and] the knowledge we have of what our adversaries are doing and how to deal with it.”

The department’s unclassified networks never will be perfectly safe, he added.

“We have to be able to operate with that in mind but we’ll work with the Department of Homeland Security, with our private-sector partners … and with our international partners [to] increase DOD cyber security, and hopefully do the same for our partners.”

One such effort is called the Defense Industrial Base, or DIB, Cyber Pilot, a program that helps certain industry companies protect defense-related information on their computer networks from the most serious intruders.

“First, we have a pre-existing cyber security and information assurance program with a small number of DIB companies to help us exchange network security information with them on an unclassified basis,” Schleien said.

“What we’ve done in this cyber pilot that finished up in September is to take a smaller set of DIB companies and try to bring classified signatures, or information that really is in the domain of the government and DOD, to help protect their networks from higher-level adversaries.”

The main part of the pilot was completed in September, he added, but DOD has extended it for 60 days to allow an independent evaluator to determine the program’s success. In that time, department officials will discuss the results with other federal partners.

DOD and DHS tightened their cyber collaboration in 2010 when the agencies signed an agreement to provide personnel, equipment and facilities in mutual support of strategic planning for cyber security, and to jointly develop capabilities and synchronize cyber mission activities.

“We’re using the DIB cyber pilot as a test case for how we can provide a higher level of cyber security to critical infrastructure sectors in the defense industrial base,” Schleien said.

“We are working the pilot hand in hand with DHS so that [they] can use any lessons learned with other critical infrastructure sectors,” he added, such as the electric grid or the national transportation system.

“We and DHS have committed to a very deep working relationship on cyber security [and] have created a joint element at Fort Meade [in Md.] to share a common operating picture, to work on operations views to make sure we understand what the other is doing and sharing techniques on how to deal with the cyber threat.”

DOD also works closely with international partners on cyber security strategy and operations, Schleien said.

One of the points made in Obama’s International Strategy for Cyberspace, he added, “was that if there’s a hostile act in cyberspace against the United States or one of our allies, we … will treat it as we would any other hostile act in one of the other domains.”

To prepare a coordinated response to future cyber attacks, DHS works with DOD and industry through the National Cyber Incident Response Plan, which provides protocols and procedures in the event of a cyber incident, Schleien said.

“We also exchange personnel at our operations centers,” he added, “to ensure that we have a common operating picture.”

In the case of an attack on the electric grid, for example, DHS would bring together senior officials to determine the best way to mitigate the attack, and determine which departments and agencies have the best tools for it.

The United States also would try to attribute the attack or incident to a specific adversary, Schleien said.

For computer attacks, attribution can be difficult, he added, but an interagency group with law enforcement authorities works together on such forensics.

For DOD, the Defense Cybercrime Center has “an outstanding cyber forensics capability,” Schleien said.

“The challenge of attribution is one that we are working on, but it is much different than what we’re familiar with in other domains,” he added.

U.S. policy holds that the Law of Armed Conflict applies to cyberspace, the principal director said.

This means that a response to any kind of hostile cyber act would have to be proportional to the attack, discriminating in terms of targeting lawful combatants, and necessary to accomplish a legitimate military objective.

“That will complicate our response action on making sure our response is consistent with the Law of Armed Conflict,” he said, “… and we will take that very seriously as we think about any response actions. But attribution is a challenge that we haven’t fully met yet.”

Schleien added, “We would do the best we can to give the president options.”

U.S. Department of Defense
Office of the Assistant Secretary of Defense (Public Affairs)