Lynn: Cyber Strategy’s Thrust is Defensive

WASHINGTON, July 14, 2011 — In March, a cyber attack on a defense company’s net­work cap­tured 24,000 files con­tain­ing Defense Depart­ment infor­ma­tion.

Nations typ­i­cal­ly launch such attacks, Deputy Defense Sec­re­tary William J. Lynn III said today, but a grow­ing risk of ter­ror­ist groups and rogue states devel­op­ing sim­i­lar capa­bil­i­ties dri­ves the need to strength­en the nation’s cyber defens­es.

“All of the advanced capa­bil­i­ties we have, whether it’s tar­get­ing or nav­i­ga­tion or com­mu­ni­ca­tion, … have a back­bone that’s run through infor­ma­tion tech­nol­o­gy,” he said. “So if you’re a smart adver­sary and you’re seek­ing an asym­met­ric way to come at the Unit­ed States, cyber will appear to you very, very quick­ly.”

Lynn spoke to Pen­ta­gon reporters about how the Defense Department’s new Strat­e­gy for Oper­at­ing in Cyber­space coun­ters such threats. Offi­cials released an unclas­si­fied ver­sion of the strat­e­gy today.

Attacks in cyber­space are hard to trace to the source, which makes retal­i­a­tion an inef­fec­tive strat­e­gy, Lynn said, not­ing that DOD’s approach is to hard­en defens­es and reduce incen­tives for attacks.

The strat­e­gy rests on five pil­lars, he said: treat cyber as a domain; employ more active defens­es; sup­port the Depart­ment of Home­land Secu­ri­ty in pro­tect­ing crit­i­cal infra­struc­ture net­works; prac­tice col­lec­tive defense with allies and inter­na­tion­al part­ners; and reduce the advan­tages attack­ers have on the Inter­net.

The depart­ment estab­lished U.S. Cyber Com­mand in May 2010 to address the Inter­net as a domain, just as it does land, sea, air and space. Cyber Com­mand devel­ops doc­trine, train­ing and equip­ment for cyber defense, Lynn said.

“We have, with­in Cyber Com­mand, a full spec­trum of capa­bil­i­ties, but the thrust of the strat­e­gy is defen­sive,” Lynn said. “We think we need to be able to defend our net­works just to main­tain our offen­sive advan­tages in all of the oth­er areas.”

Lynn said the active defense facet of the strat­e­gy seeks to avoid a “Mag­inot Line” approach, focused only on the perime­ter.

“You want to be able to hunt on your own net­works, to find things that get past the perime­ter,” he said. “It’s a more dynam­ic approach to defense.”

Lynn said DOD is respon­si­ble for defend­ing mil­i­tary net­works, but the Depart­ment of Home­land Secu­ri­ty is respon­si­ble for gov­ern­ment net­works and work­ing with the pri­vate sec­tor on defend­ing crit­i­cal infra­struc­ture. But the Pen­ta­gon has an impor­tant role to play sup­port­ing Home­land Security’s efforts, Lynn said, because it relies on the pow­er grid and the trans­porta­tion and finan­cial net­works.

“If we were in some sort of world where we were able to pro­tect the mil­i­tary net­works and the pow­er grid went down, that would not be good mil­i­tar­i­ly,” he said.

“We think that over time, research and devel­op­ment mon­ey might rebal­ance that some­what and impose costs on the attack­er,” Lynn said, offer­ing as an exam­ple of promis­ing tech­nol­o­gy the abil­i­ty to encrypt data at rest with­out increas­ing pro­cess­ing time, which the Defense Advanced Research Projects Agency and pri­vate-sec­tor com­pa­nies are work­ing to devel­op.

“That’s the kind of thing that would … give more advan­tages to the defend­er. So if you broke in [to a net­work] you would then have to decrypt the data,” he said. “It’s a much, much hard­er prob­lem for an attack­er.”

In the 1980s and 1990s, DOD invest­ed in high-per­for­mance com­put­ing for crypt­analy­sis and oth­er mil­i­tary appli­ca­tions, Lynn not­ed.

“That helped seed a whole indus­try,” he said. “It helped, I think, accel­er­ate the devel­op­ment of tech­nolo­gies.”

Sim­i­lar advances can result from the department’s efforts now, he said, not­ing DOD’s cyber invest­ment includes a half bil­lion dol­lars in research fund­ing for DARPA in the last bud­get.

“We’ve got a very strong part­ner­ship with our defense indus­tri­al base now,” he said. “We have, I think, worked through process­es where we’re shar­ing data, shar­ing an under­stand­ing of the threat … and that just strength­ens every­body.”

Close coop­er­a­tion among DOD, oth­er agen­cies and pri­vate indus­try lim­its risk, Lynn said, because defens­es can be put in place quick­ly to lim­it the spread of harm­ful attacks.

DOD also coor­di­nates with defense com­pa­nies and the infor­ma­tion tech­nol­o­gy indus­try through the endur­ing secu­ri­ty frame­work, he said, which allows the depart­ment to solic­it tech­ni­cal solu­tions to threats.

“It’s a very soft touch,” he said. “This is a col­lab­o­ra­tive forum. … There’s no gov­ern­ment direc­tion in that, but we’ve seen sev­er­al spe­cif­ic instances where they have indeed made upgrades based on the descrip­tion of the threats.”

On the inter­na­tion­al front, the Unit­ed States has reached agree­ments with NATO, as well as with indi­vid­ual nations, includ­ing the Unit­ed King­dom and Aus­tralia, Lynn said.

“The White House just put out an inter­na­tion­al strat­e­gy with the idea of broad­en­ing that group of inter­na­tion­al part­ners,” he added.

“There cer­tain­ly are sov­er­eign­ty issues,” Lynn said. “I think that’s where col­lec­tive defense is a crit­i­cal ele­ment. If you exchange infor­ma­tion about the kinds of threats, the kinds of sig­na­tures you’re see­ing, … you’re able to get ear­ly warn­ing.”

U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs)

More news and arti­cles can be found on Face­book and Twit­ter.

Fol­low on Face­book and/or on Twit­ter