Lynn Explains U.S. Cybersecurity Strategy

BRUSSELS, Bel­gium, , Sept. 15, 2010 — Deputy Defense Sec­re­tary William J. Lynn III detailed the Defense Department’s new cyber­se­cu­ri­ty strat­e­gy here today.

Lynn – who spoke at a gath­er­ing spon­sored by the Secu­ri­ty and Defense Agen­da after meet­ings at NATO and the Supreme Head­quar­ters Allied Pow­ers Europe on cyber­se­cu­ri­ty – described the strat­e­gy as hav­ing five “pil­lars.”

The first pil­lar is the recog­ni­tion that cyber­space is a new domain of war­fare, Lynn said. 

“Like air, sea, land and space, we’re going to have to treat cyber­space as an are­na where we need to defend our net­works and to be able to oper­ate freely,” he explained. 

There are obvi­ous dif­fer­ences, the deputy sec­re­tary acknowl­edged. Cyber­space is man-made, he said, and much of the infra­struc­ture is in pri­vate hands. But this does not mean it’s not crit­i­cal to mil­i­tary effec­tive­ness, he added. 

“We need to treat it orga­ni­za­tion­al­ly as a domain – we need train­ing, we need doc­trine, we need all the ele­ments we apply to any oth­er domain,” he said. “That’s the fun­da­men­tal rea­son that the U.S. stood up the Unit­ed States Cyber Command.” 

The new com­mand has the lines of author­i­ty to man, train and equip for the new domain, he said. 

The strategy’s sec­ond pil­lar is defens­es that go beyond pas­sive ones. “You can­not have a fortress men­tal­i­ty in this are­na,” he said. 

The two main pas­sive defens­es – sim­ple com­put­er hygiene and fire­walls – will catch about 70 to 80 per­cent of the attacks, Lynn said. To get the rest, he added, “We need active defens­es, using sen­sors that are able to act at net­work speed to detect and then block the attacks on our networks.” 

“You also need the abil­i­ty to hunt and attack on your own net­works to get the intrud­ers who do get past the ini­tial defens­es,” he said. 

The third pil­lar is to ensure the safe­ty of crit­i­cal infra­struc­tures. “It won’t do any good to pro­tect mil­i­tary net­works if your pow­er goes down,” said the deputy sec­re­tary explained. 

Col­lec­tive defense is the strategy’s fourth pil­lar. “There is a strong log­ic to col­lec­tive defense in the cyber are­na,” Lynn said. “The more attack sig­na­tures you are able to detect ear­ly and build those into your defens­es, the stronger your defens­es will be.” 

He likened this pil­lar to the Cold War strat­e­gy of shared ear­ly warn­ing. “Just as our mis­sile defens­es have been linked, so too, our cyber defens­es have to be linked as well,” the deputy sec­re­tary said. 

The fifth pil­lar, Lynn said, is to keep the tech­no­log­i­cal advantage. 

“We have a lead in infor­ma­tion tech­nol­o­gy, and it is crit­i­cal to both our secu­ri­ty and our economies to main­tain that,” he said. “We have to mar­shal our tech­no­log­i­cal dom­i­nance to ensure that the supe­ri­or mil­i­tary capa­bil­i­ties we’ve devel­oped are maintained.” 

Improv­ing train­ing, devel­op­ing arti­fi­cial intel­li­gence capa­bil­i­ties and tools such as an Inter­net train­ing range are among the invest­ments the Unit­ed States is mak­ing to main­tain this lead, Lynn said. 

Source:
U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs) 

Face­book and/or on Twit­ter