USA — Policy Official Notes Cybersecurity Challenges

WASHINGTON — Putting cyber­se­cu­ri­ty in place pos­es sig­nif­i­cant chal­lenges for the Defense Depart­ment, the gov­ern­ment as a whole and for crit­i­cal infra­struc­ture, the prin­ci­pal deputy assis­tant sec­re­tary of defense for pol­i­cy said today.

James N. Miller, said cyber­se­cu­ri­ty “is not a glass half full/glass half emp­ty sto­ry.”

“There is a glass,” he said. “It has some water in it. The water is dirty, and we have an insa­tiable thirst in this area.”

The issue has the atten­tion of all defense lead­ers, and progress is being made, Miller said. Con­fir­ma­tion of Army Lt. Gen. Kei­th Alexan­der to receive his fourth star and serve as the first chief of U.S. Cyber Com­mand is a pos­i­tive step, he added. The com­mand will stand up short­ly under U.S. Strate­gic Com­mand.

Mean­while, Miller said, the U.S. gov­ern­ment is work­ing on a cyber­se­cu­ri­ty strat­e­gy that’s expect­ed to be out soon. That strat­e­gy, he said, must be flex­i­ble to address the diverse and grow­ing threats of the future.

The chal­lenges are immense, Miller said. “We don’t real­ly under­stand the nature of the threat that we face,” he not­ed. But one thing that is clear, he said, is that the Defense Depart­ment relies heav­i­ly on infor­ma­tion tech­nol­o­gy, and ene­mies, crim­i­nal gangs and hack­ers are steal­ing ter­abytes of infor­ma­tion from The Defense Depart­ment and the rest of the gov­ern­ment.

The Defense Depart­ment alone has about 15,000 net­works, with mil­lions of users in 88 coun­tries.

Anoth­er threat comes from out­right attacks, Miller said, includ­ing denial-of-ser­vice attacks, virus­es and worms.

“Over the past decade, we have seen the fre­quen­cy and sophis­ti­ca­tion of intru­sions into our net­works increased,” he said. “Our net­works are scanned thou­sands of times an hour.” More than 100 for­eign intel­li­gence ser­vices are try­ing to get into Defense Depart­ment sys­tems, Miller added, and some for­eign mil­i­taries are devel­op­ing offen­sive cyber capa­bil­i­ties. Know­ing who is deliv­er­ing them is extreme­ly dif­fi­cult to pin down, he said, and foes will con­front the Unit­ed States using these cheap, asym­met­ric tools.

“The link­ages between intel­li­gence, offense and defense are par­tic­u­lar­ly impor­tant in cyber oper­a­tions,” Miller said. “The abil­i­ty to repel attack­ers is close­ly tied to the abil­i­ty to iden­ti­fy them.”

Cyber Com­mand will have three core mis­sions: defense of the mil­i­tary net­works, sup­port­ing on-going mil­i­tary oper­a­tions and plan­ning for future oper­a­tions, and sup­port­ing civil­ian efforts, as direct­ed. Alexan­der will remain as direc­tor of the Nation­al Secu­ri­ty Agency as he takes on lead­er­ship of Cyber Com­mand.

Much basic work remains to be done in the cyber­se­cu­ri­ty effort, Miller said, includ­ing deter­min­ing when a cyber event becomes an attack cov­ered by the law of armed con­flict. “At what point does it rise to such a lev­el that it becomes an act of aggres­sion?” he asked. “Those are legal ques­tions and pol­i­cy ques­tions we are try­ing to address.” Miller said there is a world of dif­fer­ence between cyber espi­onage and acts meant to degrade U.S. net­works or to input false data into those net­works.

“There is no way we are going to ful­ly defend against cyber espi­onage,” Miller said. “And we under­stand that not every­thing that hap­pens in cyber­space is an act of war. As we think of the role of cyber­space in sup­port­ing mil­i­tary oper­a­tions, and the role of cyber attacks as … the front-end of a kinet­ic mil­i­tary attack, then we would think about the poten­tial for respons­es that are not lim­it­ed to the cyber domain.”

Source:
U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs)

Team GlobDef

Team GlobDef

Seit 2001 ist GlobalDefence.net im Internet unterwegs, um mit eigenen Analysen, interessanten Kooperationen und umfassenden Informationen für einen spannenden Überblick der Weltlage zu sorgen. GlobalDefenc.net war dabei die erste deutschsprachige Internetseite, die mit dem Schwerpunkt Sicherheitspolitik außerhalb von Hochschulen oder Instituten aufgetreten ist.

Alle Beiträge ansehen von Team GlobDef →