Lynn Urges Partnership Against Cyber Threat

SAN FRANCISCO, Feb. 15, 2011 — Gov­ern­ment and indus­try must work more close­ly togeth­er to counter the grow­ing threat to the nation’s cyber net­works, Deputy Defense Sec­re­tary William J. Lynn told infor­ma­tion tech­nol­o­gy pro­fes­sion­als here today.
The Defense Depart­ment and oth­er fed­er­al depart­ments and agen­cies need to pur­sue or expand avenues in infor­ma­tion shar­ing, strength­en­ing net­work archi­tec­ture, and extend­ing government’s net­work defens­es to pri­vate net­works key to nation­al secu­ri­ty and the econ­o­my, he said dur­ing a keynote speech at the annu­al RSA Con­fer­ence for Inter­net secu­ri­ty.

Lynn told thou­sands gath­ered for the con­fer­ence that the pri­vate sector’s role in defend­ing the cyber domain is crit­i­cal. Unlike the sea, air, land and space domains, cyber is not an area where mil­i­tary pow­er alone can dom­i­nate, he said.

“The over­whelm­ing per­cent­age of our nation’s crit­i­cal [infor­ma­tion] infra­struc­ture, includ­ing the Inter­net itself, is in pri­vate hands,” Lynn not­ed. It will take the country’s “vast tech­no­log­i­cal and human resources to ensure the Unit­ed States retains its pre­em­i­nent capa­bil­i­ties in cyber­space, as it does in all the oth­er domains,” he said.

Telecom­mu­ni­ca­tions providers have “unpar­al­leled vis­i­bil­i­ty” into glob­al net­works and often pos­sess the best oper­a­tional capac­i­ty to respond to sys­tem assaults, Lynn said. “They can detect attacks tran­sit­ing their sys­tems, and in many cas­es, alert cus­tomers,” he added.

Infor­ma­tion-shar­ing efforts are well under­way, with indus­try and gov­ern­ment exec­u­tives meet­ing reg­u­lar­ly as part of a part­ner­ship known as the Endur­ing Secu­ri­ty Frame­work, Lynn said. The frame­work “not only helps iden­ti­fy vul­ner­a­bil­i­ties, it also mobi­lizes gov­ern­ment and indus­try exper­tise to address secu­ri­ty risks before harm is done,” he said.

More work is need­ed, the deputy sec­re­tary said, because net­work attack­ers have an inher­ent advan­tage. Because the Inter­net was designed to be open and inter­op­er­a­ble, secu­ri­ty and iden­ti­ty man­age­ment were sec­ondary in its design.

“You can see just how sig­nif­i­cant this advan­tage is by com­par­ing anti-virus soft­ware to the mal­ware it’s designed to defeat,” Lynn said. “Sophis­ti­cat­ed anti-virus suites now run on about 10 mil­lion lines of code … up from one mil­lion lines in only a decade. Yet mal­ware writ­ten with as lit­tle as 125 lines of code has remained able to pen­e­trate anti-virus soft­ware across this same peri­od.”

Gov­ern­ment agen­cies need the sci­en­tif­ic com­mu­ni­ty to help strength­en net­work archi­tec­ture, he said.

“We must embed high­er lev­els of secu­ri­ty and authen­ti­ca­tion in hard­ware, oper­at­ing sys­tems, and net­work pro­to­cols,” Lynn said. The Nation­al Strat­e­gy for Trust­ed Iden­ti­ties in Cyber­space, a White House ini­tia­tive, “will lay one build­ing block of this more secure future,” he said.

“It will take the course of a gen­er­a­tion to have a real oppor­tu­ni­ty to engi­neer our way out of some of the most prob­lem­at­ic vul­ner­a­bil­i­ties of today’s tech­nol­o­gy,” he said.

To spur secu­ri­ty improve­ments, the Defense Depart­ment is adding $500 mil­lion for new research in cyber tech­nolo­gies, with a focus on areas like cloud com­put­ing, vir­tu­al­iza­tion, and encrypt­ed pro­cess­ing, Lynn said. The depart­ment also is pro­vid­ing seed cap­i­tal to com­pa­nies through its “Cyber Accel­er­a­tor” pilot pro­gram to pro­duce dual-use tech­nolo­gies that address cyber secu­ri­ty needs, he said.

The depart­ment must speed its adop­tion of these new tech­nolo­gies, Lynn said.

“It cur­rent­ly takes the Pen­ta­gon 81 months to field a new infor­ma­tion tech­nol­o­gy sys­tem. The iPhone was devel­oped in just 24 months,” he said. “We have to close this gap, and Sil­i­con Val­ley can help us.”

The Pen­ta­gon will expand its Infor­ma­tion Tech­nol­o­gy Exchange Pro­gram, which man­ages tem­po­rary “job-swaps” between the depart­ment and indus­try IT experts, he announced.

“We want senior IT man­agers in the depart­ment to incor­po­rate more com­mer­cial prac­tices,” he said. “And we want sea­soned indus­try pro­fes­sion­als to expe­ri­ence, first-hand, the unique chal­lenges we face at DOD.”

Lynn also announced that DOD is begin­ning a pro­gram to max­i­mize its use of cyber exper­tise with­in the Nation­al Guard and Reserve.

Many reservists have a high lev­el of IT knowl­edge they use in their civil­ian jobs, Lynn said. To make bet­ter use of those skills, he added, DOD will increase the num­ber of Guard and Reserve units ded­i­cat­ed to cyber mis­sions.

At the same time, the depart­ment is work­ing to extend its exper­tise to indus­try.

“Because of our intel­li­gence capa­bil­i­ties, gov­ern­ment has a deep and unique aware­ness of cer­tain cyber threats,” he said. “Through clas­si­fied threat-based infor­ma­tion, and the tech­nol­o­gy we have devel­oped to employ it in net­work defense, we can sig­nif­i­cant­ly increase the effec­tive­ness of cyber secu­ri­ty prac­tices that indus­try is already car­ry­ing out.”

The depart­ment already shares some unclas­si­fied threat infor­ma­tion with defense com­pa­nies that have net­works con­tain­ing sen­si­tive infor­ma­tion, Lynn said. He added that a press­ing pol­i­cy ques­tion remains as to whether clas­si­fied sig­na­tures and their sup­port­ing tech­nol­o­gy should be shared across the full range of indus­tri­al sec­tors sup­port­ing the mil­i­tary and the econ­o­my.

“The real chal­lenge, at this point, is devel­op­ing the legal and pol­i­cy frame­work to do so,” he said.

Secur­ing the nation’s net­works will require unprece­dent­ed indus­try and gov­ern­ment coop­er­a­tion, Lynn said.

“With the threats we face, work­ing togeth­er is not only a nation­al imper­a­tive,” he said. “It is also one of the great tech­ni­cal chal­lenges of our time.”

Source:
U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs)

More news and arti­cles can be found on Face­book and Twit­ter.

Fol­low GlobalDefence.net on Face­book and/or on Twit­ter

Team GlobDef

Team GlobDef

Seit 2001 ist GlobalDefence.net im Internet unterwegs, um mit eigenen Analysen, interessanten Kooperationen und umfassenden Informationen für einen spannenden Überblick der Weltlage zu sorgen. GlobalDefenc.net war dabei die erste deutschsprachige Internetseite, die mit dem Schwerpunkt Sicherheitspolitik außerhalb von Hochschulen oder Instituten aufgetreten ist.

Alle Beiträge ansehen von Team GlobDef →