Lynn Outlines New Cybersecurity Effort

PARIS, June 16, 2011 — Deputy Defense Secretary William J. Lynn III outlined a pilot program here today in which the government helps the defense industry in safeguarding the information their computer systems hold.

In a keynote address at the Center for Strategic Decision Research’s 28th International Workshop on Global Security, Lynn described Defense Industrial Base Cyber Pilot — called “DIB Cyber Pilot” for short — in which the Defense Department, in partnership with the Department of Homeland Security, shares classified threat information and the know-how to employ it with participating defense companies or their Internet service providers to help them in defending their computer networks from attack or exploitation.

“Our defense industrial base is critical to our military effectiveness. Their networks hold valuable information about our weapons systems and their capabilities,” Lynn said. “The theft of design data and engineering information from within these networks greatly undermines the technological edge we hold over potential adversaries.”

Current countermeasures have slowed exploitation of U.S. defense industry networks, but haven’t stopped it, the deputy secretary told the audience, leading to DIB Cyber Pilot’s establishment last month with a handful of defense-industry companies, all of which volunteered for the program.

“By furnishing network administrators with this threat intelligence,” he said, “we will be able to strengthen the existing cyber defenses at defense companies.”

Lynn emphasized that the government will not monitor, intercept or store any private-sector communications through the program. Rather, he said, threat intelligence provided by the government is helping the companies themselves, or the Internet service providers working on their behalf, to identify and stop malicious activity within their networks. The pilot is voluntary for all participants, he added.

Lynn expressed the hope that DIB Cyber Pilot could serve as an example of how a larger effort aimed at protecting the nation’s critical infrastructure — its power grid, transportation system, financial system and other components — might work.

“Although this pilot breaks new ground on several fronts, we have a long way to go, and a lot of work to do, before our critical infrastructure will be fully secure,” he said. “But by establishing a lawful and effective framework for the government to help operators of one critical infrastructure sector defend their networks, we hope the DIB Cyber Pilot can be the beginning of something bigger. It could serve as a model that can be transported to other critical infrastructure sectors, under the leadership of the Department of Homeland Security.”

Meanwhile, Lynn said, attacks on military networks pose a growing threat.

“Information technologies have revolutionized how our militaries organize, train and equip,” he said. “They are at the core of our most important military capabilities: communications, command and control, navigation, and intelligence, surveillance and reconnaissance. But for all the military capability that information technology enables, it also introduces vulnerabilities.

“We learned this lesson in 2008 when a foreign intelligence agency used a thumb drive to penetrate our classified computer systems — something we thought was impossible,” he continued. “It was our worst fear: a rogue program operating silently on our system, poised to deliver operational plans into the hands of an enemy.”

Network exploitation — the theft of data from both government and commercial networks — has been the most prevalent cyber threat to date, Lynn said. Foreign intelligence services have stolen military plans and weapons systems designs, and valuable source code and intellectual property has been stolen from business and universities. Recent intrusions at the International Monetary Fund, Lockheed Martin and Citibank join others in the oil and gas sector, at Nasdaq and at Google as further, troubling instances of a widespread and serious phenomenon, he added.

“This kind of cyber exploitation does not have the dramatic impact of a conventional military attack,” Lynn said. “But over the long term, it has a corrosive effect that in some ways is more damaging. It blunts our edge in military technology and saps our competitiveness in the global economy.”

Though exploitation has been the most common type of attack, the deputy secretary said, network disruption has emerged as a second cyber threat. In this type of attack, he explained, intruders seek to deny or degrade the use of important government or commercial networks. Such attacks occurred against Estonia in 2007 and against Georgia in 2008, he added, and an attack targeting eBay and PayPal was along similar lines.

“To this point, the disruptive attacks we have seen are relatively unsophisticated in nature, largely reversible, and short in duration,” Lynn said. “But in the future, more capable adversaries could potentially immobilize networks on an even wider scale, for longer periods of time.”

A third type of cyber attack — destruction — is the most dangerous because it uses cyber tools to cause physical damage, Lynn said.

“This development — which would mark a strategic shift in the cyber threat — is only just emerging,” he said. “But when you look at what tools are available, it is clear that this capability exists. It is possible to imagine attacks on military networks or on critical infrastructure like the transportation system and energy sector that cause severe economic damage, physical destruction or even loss of life.”

Lynn acknowledged the possibility that a destructive cyber attack might never take place.

“Regrettably, however, few weapons in the history of warfare, once created, have gone unused,” he added. “For this reason, we must have the capability to defend against the full range of cyber threats.”

As the cyber threat continues to move up a ladder of escalation from exploitation to disruption and, ultimately, to destruction, Lynn said, the groups that possess these capabilities also are likely to expand in dangerous directions.

The highest levels of cyber capabilities reside almost entirely in sophisticated nation-states, and so far, they primarily have deployed their capabilities to exploit and occasionally disrupt networks, rather than to destroy them, Lynn said.

“Although we cannot dismiss the threat of a rogue state lashing out, most nations have no more interest in conducting a destructive cyber attack against us than they do a conventional military attack,” he said. “The risk for them is too great. Our military power provides a strong deterrent. … We nevertheless must prepare for the likelihood that cyber attacks will be part of any future conventional conflict. We need cyber capabilities that will allow us to deter and to defend against the most skilled nation-state.”

However, Lynn added, the threat of a terrorist group gaining disruptive or destructive cyber capabilities may be the greater and more immediate concern.

“Al-Qaida, which has vowed to unleash cyber attacks, has not yet done so,” he said. “But it is possible for a terrorist group to develop cyber attack tools on their own or to buy them on the black market. The nature of cyber is that a couple dozen talented programmers, using off-the-shelf equipment, can inflict a lot of damage. Moreover, with few tangible assets to lose in a confrontation, terrorist groups are very difficult to deter.

“We have to assume that in cyber, as in other areas, if terrorists have the means to strike, they will do so,” Lynn added.

Source:
U.S. Department of Defense
Office of the Assistant Secretary of Defense (Public Affairs)
