BRUSSELS, Belgium, , Sept. 15, 2010 — Deputy Defense Secretary William J. Lynn III detailed the Defense Department’s new cybersecurity strategy here today.
Lynn – who spoke at a gathering sponsored by the Security and Defense Agenda after meetings at NATO and the Supreme Headquarters Allied Powers Europe on cybersecurity – described the strategy as having five “pillars.”
The first pillar is the recognition that cyberspace is a new domain of warfare, Lynn said.
“Like air, sea, land and space, we’re going to have to treat cyberspace as an arena where we need to defend our networks and to be able to operate freely,” he explained.
There are obvious differences, the deputy secretary acknowledged. Cyberspace is man-made, he said, and much of the infrastructure is in private hands. But this does not mean it’s not critical to military effectiveness, he added.
“We need to treat it organizationally as a domain – we need training, we need doctrine, we need all the elements we apply to any other domain,” he said. “That’s the fundamental reason that the U.S. stood up the United States Cyber Command.”
The new command has the lines of authority to man, train and equip for the new domain, he said.
The strategy’s second pillar is defenses that go beyond passive ones. “You cannot have a fortress mentality in this arena,” he said.
The two main passive defenses – simple computer hygiene and firewalls – will catch about 70 to 80 percent of the attacks, Lynn said. To get the rest, he added, “We need active defenses, using sensors that are able to act at network speed to detect and then block the attacks on our networks.”
“You also need the ability to hunt and attack on your own networks to get the intruders who do get past the initial defenses,” he said.
The third pillar is to ensure the safety of critical infrastructures. “It won’t do any good to protect military networks if your power goes down,” said the deputy secretary explained.
Collective defense is the strategy’s fourth pillar. “There is a strong logic to collective defense in the cyber arena,” Lynn said. “The more attack signatures you are able to detect early and build those into your defenses, the stronger your defenses will be.”
He likened this pillar to the Cold War strategy of shared early warning. “Just as our missile defenses have been linked, so too, our cyber defenses have to be linked as well,” the deputy secretary said.
The fifth pillar, Lynn said, is to keep the technological advantage.
“We have a lead in information technology, and it is critical to both our security and our economies to maintain that,” he said. “We have to marshal our technological dominance to ensure that the superior military capabilities we’ve developed are maintained.”
Improving training, developing artificial intelligence capabilities and tools such as an Internet training range are among the investments the United States is making to maintain this lead, Lynn said.
U.S. Department of Defense
Office of the Assistant Secretary of Defense (Public Affairs)