Lynn: Cyberspace is the New Domain of Warfare

WASHINGTON, Oct. 18, 2010 — With the cre­ation of the U.S. Cyber Com­mand in May and last week’s cyber­se­cu­ri­ty agree­ment between the depart­ments of Defense and Home­land Secu­ri­ty, DOD is ready to add cyber­space to sea, land, air and space as the lat­est domain of war­fare, the Deputy Defense Sec­re­tary William J. Lynn III said.

“Infor­ma­tion tech­nol­o­gy pro­vides us with crit­i­cal advan­tages in all of our warfight­ing domains so we need to pro­tect cyber­space to enable those advan­tages,” Lynn said dur­ing an Oct. 14 Pen­ta­gon Chan­nel inter­view.

Adver­saries may be able to under­mine the military’s advan­tages in con­ven­tion­al areas, Lynn said, by attack­ing the nation’s mil­i­tary and com­mer­cial infor­ma­tion tech­nol­o­gy, or IT, infra­struc­ture.

This threat has “opened up a whole new asym­me­try in future war­fare,” the deputy defense sec­re­tary said.

DOD’s focus on cyberde­fense began in 2008 with a pre­vi­ous­ly clas­si­fied inci­dent in the Mid­dle East in which a flash dri­ve insert­ed mal­ware into clas­si­fied mil­i­tary net­works, Lynn said.

“We real­ized we could­n’t rely on pas­sive defens­es and fire­walls and soft­ware patch­es, and we’ve devel­oped a more-lay­ered defense,” he said.

Lynn laid out a draft cyber­strat­e­gy in the September/October issue of “For­eign Affairs” mag­a­zine. He said DOD is work­ing to final­ize the strat­e­gy.

“There’s no agreed-on def­i­n­i­tion of what con­sti­tutes a cyber­at­tack,” Lynn said. “It’s real­ly a range of things that can hap­pen — from exploita­tion and exfil­tra­tion of data to degra­da­tion of net­works to destruc­tion of net­works or even phys­i­cal equip­ment, phys­i­cal prop­er­ty. What we’re doing in our defense cyber­strat­e­gy is devel­op­ing appro­pri­ate respons­es and defens­es for each of those types of attacks.”

One ele­ment of the strat­e­gy –- work­ing with Home­land Defense to pro­tect crit­i­cal mil­i­tary and civil­ian IT infra­struc­ture -– was put into place Oct. 13, when Defense Sec­re­tary Robert M. Gates and Home­land Secu­ri­ty Sec­re­tary Janet Napoli­tano announced a new agree­ment to work togeth­er on cyber­se­cu­ri­ty.

The agree­ment includes a for­mal mech­a­nism for ben­e­fit­ing from the tech­ni­cal exper­tise of the Nation­al Secu­ri­ty Agency, or NSA, which is respon­si­ble for pro­tect­ing nation­al secu­ri­ty sys­tems, col­lect­ing relat­ed for­eign intel­li­gence, and enabling net­work war­fare.

Anoth­er ele­ment is what Lynn calls a “lay­ered defense, where you have intru­sion detec­tion and fire­walls but you also have a … lay­er that helps defend against attacks.”

In his draft strat­e­gy, Lynn describes the defense-lay­er com­po­nent of cyber­se­cu­ri­ty in terms of NSA-pio­neered sys­tems that “auto­mat­i­cal­ly deploy defens­es to counter intru­sions in real time. Part sen­sor, part sen­try, part sharp­shoot­er, these active defense sys­tems rep­re­sent a fun­da­men­tal shift in the U.S. approach to net­work defense.”

And, since no cyberde­fense sys­tem is per­fect, DOD requires “mul­ti­ple lay­ers of defense that give us bet­ter assur­ance of cap­tur­ing mal­ware before it gets to us,” Lynn said.

“We need the abil­i­ty to hunt on our own net­works to get [intrud­ers] that might get through and we need to con­tin­u­al­ly improve our defens­es,” he con­tin­ued. “We can’t stand still. The tech­nol­o­gy is going to con­tin­ue to advance and we have to keep pace with it.”

Envi­sioned attacks on mil­i­tary net­works could impair mil­i­tary pow­er, nation­al secu­ri­ty and the econ­o­my, Lynn said.

Ene­my cyber­at­tacks could deprive the mil­i­tary of the abil­i­ty to strike with pre­ci­sion and com­mu­ni­cate among forces and with head­quar­ters, he said, and it could impair logis­tics or trans­porta­tion net­works and elim­i­nate advan­tages that infor­ma­tion tech­nol­o­gy has giv­en mil­i­tary forces.

“Beyond that, cyber­at­tacks con­ceiv­ably could threat­en the nation­al econ­o­my if [adver­saries] were to go after the pow­er grid or finan­cial net­works or trans­porta­tion net­works, and that, too, would be a nation­al secu­ri­ty chal­lenge,” Lynn said. “And over the long run there’s a threat to our intel­lec­tu­al prop­er­ty … basi­cal­ly a theft of the life blood of our econ­o­my.”

Work­ing more close­ly with allies is an impor­tant ele­ment of the strat­e­gy, he said, to ensure a shared defense and an ear­ly warn­ing capa­bil­i­ty.

The NATO 2020 report right­ly iden­ti­fied the need for the alliance’s new 10-year strate­gic con­cept — a draft of which is an expect­ed prod­uct of the 2010 NATO Sum­mit slat­ed for Nov. 19–20 in Lis­bon, Por­tu­gal –- to fur­ther incor­po­rate cyberde­fense con­cepts Lynn wrote about in For­eign Affairs.

U.S. tech­no­log­i­cal advan­tages are a crit­i­cal part of the cyber­strat­e­gy and the Pen­ta­gon already is work­ing with indus­try and with the Defense Advanced Research Projects Agency to put these to work, Lynn said.

As part of a pub­lic-pri­vate part­ner­ship called the Endur­ing Secu­ri­ty Frame­work, Lynn wrote in his For­eign Affairs arti­cle, chief exec­u­tive offi­cers and chief tech­nol­o­gy offi­cers of major IT and defense com­pa­nies meet reg­u­lar­ly with top offi­cials from Defense, Home­land Secu­ri­ty and the Office of the Direc­tor of Nation­al Intel­li­gence.

DARPA also is work­ing on the Nation­al Cyber Range, a sim­u­lat­ed mod­el of the Inter­net that will enable the mil­i­tary to test its cyberde­fens­es before deploy­ing them in the field.

The Pentagon’s IT acqui­si­tion process also has to change, Lynn wrote in For­eign Affairs. It took Apple Inc. 24 months to devel­op the iPhone, he said, and at DOD it takes on aver­age about 81 months to devel­op and field a new com­put­er sys­tem after it is fund­ed.

“The Pen­ta­gon is devel­op­ing a spe­cif­ic acqui­si­tion track for infor­ma­tion tech­nol­o­gy,” Lynn wrote in For­eign Affairs, and it also is bol­ster­ing the num­ber of cyberde­fense experts who will lead the charge into the new cyber­war era.

The military’s glob­al com­mu­ni­ca­tions back­bone con­sists of 15,000 net­works and 7 mil­lion com­put­ing devices across hun­dreds of instal­la­tions in dozens of coun­tries, Lynn wrote. More than 90,000 peo­ple work full time to main­tain it, he said, but more are need­ed.

Through the estab­lish­ment of U.S. Cyber Com­mand and the bol­ster­ing of cyber­se­cu­ri­ty at oth­er defense agen­cies “we’ve great­ly increased the num­ber of cyber pro­fes­sion­als we have at DOD and will con­tin­ue to increase that,” Lynn told the Pen­ta­gon Chan­nel.”

Source:
U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs)

More news and arti­cles can be found on Face­book and Twit­ter.

Fol­low GlobalDefence.net on Face­book and/or on Twit­ter

Team GlobDef

Team GlobDef

Seit 2001 ist GlobalDefence.net im Internet unterwegs, um mit eigenen Analysen, interessanten Kooperationen und umfassenden Informationen für einen spannenden Überblick der Weltlage zu sorgen. GlobalDefenc.net war dabei die erste deutschsprachige Internetseite, die mit dem Schwerpunkt Sicherheitspolitik außerhalb von Hochschulen oder Instituten aufgetreten ist.

Alle Beiträge ansehen von Team GlobDef →