USA — Lynn Outlines Cyber Threats, Defensive Measures

WASHINGTON — An infect­ed flash dri­ve insert­ed into a Defense Depart­ment com­put­er in 2008 caused “a sig­nif­i­cant com­pro­mise” of the department’s clas­si­fied com­put­er net­works and was a “wake-up call” for Pen­ta­gon offi­cials to expe­dite cyber defense mea­sures, the deputy sec­re­tary of defense revealed in a new mag­a­zine arti­cle.

The pre­vi­ous­ly clas­si­fied inci­dent caused the most sig­nif­i­cant breach ever to U.S. mil­i­tary com­put­ers, William J. Lynn III wrote for an arti­cle appear­ing in the September/October issue of For­eign Affairs magazine. 

Titled “Defend­ing a New Domain,” the arti­cle out­lines the evo­lu­tion of com­put­er net­work threats and mea­sures the depart­ment has put into place to deal with them. The fre­quen­cy and sophis­ti­ca­tion of intru­sions into U.S. mil­i­tary net­works have increased expo­nen­tial­ly in the past 10 years, Lynn wrote. They now are probed thou­sands of times and scanned mil­lions of times, every day, he added. 

Some­times the adver­saries are suc­cess­ful, Lynn said, and they have acquired thou­sands of files from Defense Depart­ment net­works and those of the Pentagon’s indus­try part­ners and U.S. allies, includ­ing weapons blue­prints, oper­a­tional plans and sur­veil­lance data. 

To counter the threat, the Pen­ta­gon has built “lay­ered and robust defens­es” around mil­i­tary net­works and cre­at­ed the new U.S. Cyber Com­mand to inte­grate process­es, Lynn said. Depart­ment offi­cials are work­ing with their coun­ter­parts at the Home­land Secu­ri­ty Depart­ment, which has juris­dic­tion over the “dot-com” and “dot-gov” domains, to pro­tect the networks. 

The Defense Depart­ment has 15,000 net­works and 7 mil­lion com­put­ing devices in use in dozens of coun­tries, with 90,000 peo­ple work­ing to main­tain them, Lynn said, and it depends heav­i­ly on com­mer­cial indus­try for its net­work operations. 

“Infor­ma­tion tech­nol­o­gy enables almost every­thing the U.S. mil­i­tary does,” Lynn wrote, from logis­ti­cal sup­port and com­mand and con­trol to real-time intel­li­gence and remote oper­a­tions. Any future con­flict will include cyber­se­cu­ri­ty, he has said. 

In his arti­cle, Lynn out­lines five pil­lars of the department’s emerg­ing cyber­se­cu­ri­ty policy: 

— Cyber must be rec­og­nized as a war­fare domain equal to land, sea, and air; 

— Any defen­sive pos­ture must go beyond “good hygiene” to include sophis­ti­cat­ed and accu­rate oper­a­tions that allow rapid response; 

— Cyber defens­es must reach beyond the department’s dot-mil world into com­mer­cial net­works, as gov­erned by Home­land Security; 

— Cyber defens­es must be pur­sued with inter­na­tion­al allies for an effec­tive “shared warn­ing” of threats; and 

— The Defense Depart­ment must help to main­tain and lever­age U.S. tech­no­log­i­cal dom­i­nance and improve the acqui­si­tions process to keep up with the speed and agili­ty of the infor­ma­tion tech­nol­o­gy industry. 

Pen­ta­gon offi­cials are devel­op­ing a cyber strat­e­gy doc­u­ment to be released in the fall. It will address, among oth­er things, any statu­to­ry changes need­ed for cyber defense, and the capa­bil­i­ty for “auto­mat­ed defens­es,” such as the abil­i­ty block mal­ware at top speed, Lynn has said. 

U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs) 

Face­book and/or on Twit­ter

Team GlobDef

Seit 2001 ist im Internet unterwegs, um mit eigenen Analysen, interessanten Kooperationen und umfassenden Informationen für einen spannenden Überblick der Weltlage zu sorgen. war dabei die erste deutschsprachige Internetseite, die mit dem Schwerpunkt Sicherheitspolitik außerhalb von Hochschulen oder Instituten aufgetreten ist.

Alle Beiträge ansehen von Team GlobDef →