USA — Policy Official Notes Cybersecurity Challenges

WASHINGTON — Putting cybersecurity in place poses significant challenges for the Defense Department, the government as a whole and for critical infrastructure, the principal deputy assistant secretary of defense for policy said today.

James N. Miller said cybersecurity “is not a glass half full/glass half empty story.”

“There is a glass,” he said. “It has some water in it. The water is dirty, and we have an insatiable thirst in this area.”

The issue has the attention of all defense leaders, and progress is being made, Miller said. Confirmation of Army Lt. Gen. Keith Alexander to receive his fourth star and serve as the first chief of U.S. Cyber Command is a positive step, he added. The command will stand up shortly under U.S. Strategic Command.

Meanwhile, Miller said, the U.S. government is working on a cybersecurity strategy that’s expected to be out soon. That strategy, he said, must be flexible to address the diverse and growing threats of the future.

The challenges are immense, Miller said. “We don’t really understand the nature of the threat that we face,” he noted. But one thing that is clear, he said, is that the Defense Department relies heavily on information technology, and enemies, criminal gangs and hackers are stealing terabytes of information from the Defense Department and the rest of the government.

The Defense Department alone has about 15,000 networks, with millions of users in 88 countries.

Another threat comes from outright attacks, Miller said, including denial-of-service attacks, viruses and worms.

“Over the past decade, we have seen the frequency and sophistication of intrusions into our networks increased,” he said. “Our networks are scanned thousands of times an hour.” More than 100 foreign intelligence services are trying to get into Defense Department systems, Miller added, and some foreign militaries are developing offensive cyber capabilities. Pinning down who is delivering them is extremely difficult, he said, and foes will confront the United States using these cheap, asymmetric tools.

“The linkages between intelligence, offense and defense are particularly important in cyber operations,” Miller said. “The ability to repel attackers is closely tied to the ability to identify them.”

Cyber Command will have three core missions: defense of the military networks, supporting ongoing military operations and planning for future operations, and supporting civilian efforts, as directed. Alexander will remain as director of the National Security Agency as he takes on leadership of Cyber Command.

Much basic work remains to be done in the cybersecurity effort, Miller said, including determining when a cyber event becomes an attack covered by the law of armed conflict. “At what point does it rise to such a level that it becomes an act of aggression?” he asked. “Those are legal questions and policy questions we are trying to address.” Miller said there is a world of difference between cyber espionage and acts meant to degrade U.S. networks or to input false data into those networks.

“There is no way we are going to fully defend against cyber espionage,” Miller said. “And we understand that not everything that happens in cyberspace is an act of war. As we think of the role of cyberspace in supporting military operations, and the role of cyber attacks as … the front-end of a kinetic military attack, then we would think about the potential for responses that are not limited to the cyber domain.”

U.S. Department of Defense
Office of the Assistant Secretary of Defense (Public Affairs)