Lynn Gains IT Industry’s Cybersecurity Perspective

SAN FRANCISCO, Feb. 16, 2011 — Deputy Defense Sec­re­tary William J. Lynn III returned yes­ter­day from a two-day cyber­se­cu­ri­ty-focused trip here that includ­ed a keynote speech and meet­ings with indus­try lead­ers.
Through­out his vis­it, Lynn focused on com­mu­ni­cat­ing with infor­ma­tion tech­nol­o­gy pro­fes­sion­als, whom he terms crit­i­cal to nation­al efforts to pro­tect key defense and eco­nom­ic net­works.

The long-term objec­tive for cyber­se­cu­ri­ty, Lynn not­ed, is to impose “more costs” on cyber attack­ers with­out depriv­ing the Inter­net of its dynamism.

“Across the board, we heard from all of these com­pa­nies that this is pos­si­ble,” he said. “It’s not fast. It’s not like we can put a patch out. This is a more fun­da­men­tal re-engi­neer­ing, but I think it is pos­si­ble with­out huge dis­rup­tion.”

Dur­ing a speech at the RSA Con­fer­ence 2011 and in meet­ings with exec­u­tives from small tech start-up com­pa­nies and infor­ma­tion tech­nol­o­gy giants such as Intel, Google and Microsoft, the deputy sec­re­tary stressed a few key themes:

— Threats to the cyber domain are var­ied and will increase;

— Action now can main­tain the nation’s mil­i­tary and eco­nom­ic edge in that domain; and

— A com­bined whole-of-gov­ern­ment and indus­try effort is nec­es­sary in the cyber­se­cu­ri­ty effort.

“The [cyber] threat is still matur­ing,” Lynn told reporters at the con­fer­ence, which brought togeth­er thou­sands of secu­ri­ty, crypt­an­a­lyst and infor­ma­tion tech­nol­o­gy pro­fes­sion­als.

Though the threat cur­rent­ly is lim­it­ed most­ly to exploita­tion and dis­rup­tion efforts, Lynn said dur­ing his speech, the capa­bil­i­ty for destruc­tive attacks exists. He added that on the exploita­tion front, more than 100 for­eign intel­li­gence ser­vices have launched attempts to infil­trate Defense Depart­ment net­works.

Dis­rup­tion or denial-of-ser­vice attacks are a more ele­vat­ed cyber threat, he said. Lynn cit­ed such attacks in Esto­nia in 2007 and the for­mer Sovi­et repub­lic of Geor­gia in 2008, and, more recent­ly, a hack­er group’s tar­get­ing of eBay and Pay­Pal as prime exam­ples of such attacks.

Destruc­tive attacks, using cyber tools to cause phys­i­cal dam­age, are emerg­ing only now as a threat, the deputy sec­re­tary said.

“The threat we see today is prob­a­bly not the threat we’re going to see tomor­row,” Lynn said. “We need to get ahead of that game.”

The cyber threat is like­ly to increase in two direc­tions, Lynn said: up the lad­der of esca­la­tion from exploita­tion to destruc­tion, and from nation-states to non­state actors.

“We’re at this tran­si­tion point now, which actu­al­ly gives us a lit­tle time where the most destruc­tive capa­bil­i­ties are not in the hands of the peo­ple who would be most like­ly to use them,” he said. That addi­tion­al time offers a chance to strength­en the cyber domain against devel­op­ing threats, he added.

Lynn empha­sized the need for urgency in devel­op­ing a strat­e­gy and get­ting cyberde­fense capa­bil­i­ties in place. The deputy sec­re­tary also reit­er­at­ed anoth­er key point from his speech: cyberde­fense can­not be likened to tra­di­tion­al mil­i­tary mis­sions, such as air defense.

Cyber and much of the crit­i­cal infra­struc­ture it touch­es — such as pow­er grids and trans­porta­tion net­works — is large­ly in the pri­vate sec­tor, he not­ed.

“We need this pub­lic-pri­vate part­ner­ship, and we need a part­ner­ship across the whole of gov­ern­ment,” he said.

Lynn point­ed out that the Defense Depart­ment plays a sup­port­ing role with­in U.S. bor­ders.

DOD has capa­bil­i­ties, but in terms of pro­tect­ing crit­i­cal infra­struc­ture, the lead agency there is the Depart­ment of Home­land Secu­ri­ty,” he said. “We work through them, just as we do on hur­ri­cane relief.”

Lynn said his meet­ings here this week with infor­ma­tion tech­nol­o­gy pio­neers offered an oppor­tu­ni­ty to seek industry’s views on “chang­ing the bal­ance” in an IT infra­struc­ture that now favors attack­ers.

Alter­ing the Internet’s offense-defense bal­ance will take a num­ber of years, the deputy sec­re­tary said, but he added that he is encour­aged that indus­try lead­ers told him soft­ware and hard­ware tech­nolo­gies are avail­able that can help in achiev­ing that objec­tive.

“In the inter­im, we’re pur­su­ing robust defens­es,” he said.

Lynn, who has made cyber­se­cu­ri­ty a pri­or­i­ty in his inter­ac­tions with oth­er mil­i­taries, NATO part­ners and pri­vate indus­try, received the 2011 RSA Con­fer­ence award for excel­lence in pub­lic pol­i­cy.

Source:
U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs)

More news and arti­cles can be found on Face­book and Twit­ter.

Fol­low GlobalDefence.net on Face­book and/or on Twit­ter

Team GlobDef

Team GlobDef

Seit 2001 ist GlobalDefence.net im Internet unterwegs, um mit eigenen Analysen, interessanten Kooperationen und umfassenden Informationen für einen spannenden Überblick der Weltlage zu sorgen. GlobalDefenc.net war dabei die erste deutschsprachige Internetseite, die mit dem Schwerpunkt Sicherheitspolitik außerhalb von Hochschulen oder Instituten aufgetreten ist.

Alle Beiträge ansehen von Team GlobDef →