DOD Releases First Strategy for Operating in Cyberspace

WASHINGTON, July 14, 2011 — The Defense Department’s first strat­e­gy for oper­at­ing in cyber­space is a mile­stone in the fight to pro­tect the nation from poten­tial­ly dev­as­tat­ing net­work attacks, Deputy Defense Sec­re­tary William J. Lynn III said today.
Lynn addressed an audi­ence of mil­i­tary and civil­ian offi­cials, edu­ca­tors and reporters at the Nation­al Defense Uni­ver­si­ty.

“We do not know the exact way in which cyber will fig­ure in the exe­cu­tion of [DOD’s] mis­sion, or the pre­cise sce­nar­ios that will arise,” Lynn said.

“But the cen­tral­i­ty of infor­ma­tion tech­nol­o­gy to our mil­i­tary oper­a­tions and our soci­ety vir­tu­al­ly guar­an­tees that future adver­saries will tar­get our depen­dence on it,” he added.

“Our assess­ment is that cyber attacks will be a sig­nif­i­cant com­po­nent of any future con­flict, whether it involves major nations, rogue states or ter­ror­ist groups,” the deputy sec­re­tary said.

The exis­tence of tools that dis­rupt or destroy crit­i­cal net­works, cause phys­i­cal dam­age, or alter the per­for­mance of key sys­tems marks a strate­gic shift in the evolv­ing cyber threat, Lynn said.

“As a result of this threat,” he added, “key­strokes orig­i­nat­ing in one coun­try can impact the oth­er side of the globe in the blink of an eye. In the 21st cen­tu­ry, bits and bytes can be as threat­en­ing as bul­lets and bombs.”

An impor­tant ele­ment of the strat­e­gy is to deny or min­i­mize an attack, Lynn said. “If we can min­i­mize the impact of attacks on our oper­a­tions and attribute them quick­ly and defin­i­tive­ly, we may be able to change the deci­sion cal­cu­lus of an attack­er.”

Oth­er ele­ments, or pil­lars, of the strat­e­gy include:

— Treat­ing cyber­space as an oper­a­tional domain like land, air, sea and space, oper­at­ing and defend­ing depart­ment net­works and train­ing and equip­ping forces for cyber mis­sions.

— Intro­duc­ing new oper­at­ing con­cepts on depart­ment net­works, includ­ing active cyber defens­es, using sen­sors, soft­ware and sig­na­tures to stop mali­cious code before it affects oper­a­tions.

— Work­ing with the Depart­ment of Home­land Secu­ri­ty and the pri­vate sec­tor to pro­tect crit­i­cal nation­al infra­struc­ture like the pow­er grid, trans­porta­tion sys­tem and finan­cial sec­tor.

— Build­ing col­lec­tive cyber defens­es with allies and inter­na­tion­al part­ners to expand aware­ness of mali­cious activ­i­ty and help defend against attacks.

— Fun­da­men­tal­ly shift­ing the tech­no­log­i­cal land­scape of cyber secu­ri­ty by sig­nif­i­cant­ly enhanc­ing net­work secu­ri­ty.

“Over the past year,” Lynn said, “we have made progress in each of these five pil­lars.”

In May 2010, U.S. Cyber Com­mand became oper­a­tional to cen­tral­ize net­work oper­a­tions and defense.

“We have estab­lished sup­port­ing activ­i­ties in each of the mil­i­tary ser­vices,” Lynn said, “and we are now train­ing our forces to thwart attacks that com­pro­mise our oper­a­tions.” The Unit­ed States part­nered with Aus­tralia, Cana­da, the Unit­ed King­dom and NATO, and under Pres­i­dent Barack Obama’s Com­pre­hen­sive Nation­al Cyber­se­cu­ri­ty Ini­tia­tive, launched in May, the Defense Depart­ment will increase coop­er­a­tion with oth­er nations in the com­ing months, he added.

“We have also com­mit­ted half a bil­lion dol­lars in [research and devel­op­ment] funds to accel­er­ate research on advanced defen­sive tech­nolo­gies,” the deputy sec­re­tary said. “Our research agen­da includes nov­el approach­es to improv­ing net­work secu­ri­ty and defense,” he said.

“We imag­ine a time when com­put­ers innate­ly and auto­mat­i­cal­ly adapt to new threats,” he said. “We hope for a world when we can not only trans­mit infor­ma­tion in encrypt­ed form, but also keep data encrypt­ed as we per­form reg­u­lar com­put­er oper­a­tions. Hav­ing data encrypt­ed 100% of the time would be a rev­o­lu­tion in com­put­er secu­ri­ty, great­ly enhanc­ing our abil­i­ty to oper­ate in untrust­ed envi­ron­ments.”

The Defense Depart­ment has made “sub­stan­tial progress,” Lynn said, in work­ing with pri­vate indus­try and the rest of gov­ern­ment to make crit­i­cal infra­struc­ture more secure.

Last Octo­ber, the Depart­ments of Defense and Home­land Secu­ri­ty, which is respon­si­ble for pro­tect­ing crit­i­cal infra­struc­ture, signed an agree­ment to coor­di­nate cyber secu­ri­ty efforts.

The agen­cies estab­lished a joint plan­ning capa­bil­i­ty and exchanged cyber per­son­nel in their oper­a­tions cen­ters, he said.

DOD is help­ing Home­land Secu­ri­ty deploy advanced defen­sive tech­nolo­gies on gov­ern­ment net­works, Lynn said.

The crit­i­cal infra­struc­ture the mil­i­tary depends on extends to pri­vate com­pa­nies that build DOD’s equip­ment and tech­nol­o­gy, he added.

“It is a sig­nif­i­cant con­cern that over the past decade, ter­abytes of data have been extract­ed by for­eign intrud­ers from cor­po­rate net­works of defense com­pa­nies,” Lynn said. “In a sin­gle intru­sion this March, 24,000 files were tak­en.”

The stolen data ranges from spec­i­fi­ca­tions for small parts of tanks, air­planes and sub­marines to air­craft avion­ics, sur­veil­lance tech­nolo­gies, satel­lite com­mu­ni­ca­tions sys­tems and net­work secu­ri­ty pro­to­cols.

“Cur­rent coun­ter­mea­sures have not stopped this out­flow of sen­si­tive infor­ma­tion,” the deputy sec­re­tary said. “We need to do more to guard our dig­i­tal store­hous­es of design inno­va­tion.”

In response, he said, the Depart­ments of Defense and Home­land Secu­ri­ty estab­lished a pilot pro­gram with a hand­ful of defense com­pa­nies that gives the com­pa­nies robust pro­tec­tion for their net­works.

“In this Defense Indus­tri­al Base — or DIB — Cyber Pilot,” Lynn said, “clas­si­fied threat intel­li­gence is shared with defense con­trac­tors or their com­mer­cial Inter­net ser­vice providers, along with the know-how to employ it in net­work defense.”

Such intel­li­gence helps the com­pa­nies and their Inter­net ser­vice providers iden­ti­fy and stop mali­cious activ­i­ty in their net­works, he said.

“Although we are only begin­ning to eval­u­ate the effec­tive­ness of the pilot,” Lynn said, “it has already stopped intru­sions for some par­tic­i­pat­ing indus­try part­ners.”

Through infor­ma­tion shar­ing pro­mot­ed by the pro­gram, he added, “we not only halt­ed intru­sions, we also learned more about the diver­si­ty of tech­niques used to per­pe­trate them.”

The Unit­ed States stands at an impor­tant junc­ture in the devel­op­ment of the cyber threat, Lynn said.

“More destruc­tive tools are being devel­oped, but have not yet been wide­ly used,” he added.

The Defense Depart­ment needs to devel­op stronger defens­es, the deputy sec­re­tary said, before those who mean harm to the Unit­ed States gain the abil­i­ty to launch more dam­ag­ing cyber attacks.

“We have a win­dow of oppor­tu­ni­ty,” he added, ” … in which to pro­tect our net­works against more per­ilous threats.”

U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs)

More news and arti­cles can be found on Face­book and Twit­ter.

Fol­low on Face­book and/or on Twit­ter