USA/Kanada — Lynn: Cyber Attack Would Affect U.S., Canadian Links

OTTAWA, June 14, 2010 — The links between the Unit­ed States and Cana­da are so strong that a cyber attack on one would be felt with­in mil­lisec­onds by the oth­er, and both coun­tries must work togeth­er to improve cyber­se­cu­ri­ty, the deputy defense sec­re­tary said here today.

Dur­ing an inter­view fol­low­ing a speech to the Con­fer­ence of Defence Asso­ci­a­tions, William J. Lynn III said there is an urgency in both nations to take on the cyber­se­cu­ri­ty chal­lenge.

The Unit­ed States and Cana­da are linked togeth­er in every way from mil­i­tary to infra­struc­ture to eco­nom­ics. U.S. banks oper­ate in Cana­da, and Cana­di­an banks oper­ate in Amer­i­ca. Ford has auto plants in Cana­da, and Bom­bardier Inc. has U.S. plants. The Cana­di­an and U.S. telecom­mu­ni­ca­tions sec­tors are so inter­twined they couldn’t pos­si­bly be sep­a­rat­ed, and pow­er from Cana­di­an plants at Nia­gara Falls ensure New York City and much of the East­ern seaboard remains light­ed. And Cana­di­an and U.S. ser­vice­mem­bers man the North Amer­i­can Aero­space Defense Com­mand to pro­tect the con­ti­nent.

All rely on infor­ma­tion tech­nol­o­gy, and all pos­si­bly can be tar­gets for rogue nations, ter­ror­ists or crim­i­nal groups, Lynn not­ed.

“A crit­i­cal part of how we improve is work­ing togeth­er with our allies,” the deputy sec­re­tary said. “We start­ed with our clos­est allies – we’ve talked to the UK and Aus­tralia and Cana­da – and we will build out to a larg­er NATO audi­ence as we work through this. But both geog­ra­phy and the close­ness of the alliance with Cana­da, makes Cana­da a par­tic­u­lar­ly impor­tant part­ner as we tack­le these threats.”

Lynn met with Deputy Min­is­ter of Nation­al Defense Robert Fon­berg and Nation­al Secu­ri­ty Advi­sor Marie-Lucie Morin today. Accom­pa­nied by the U.S. Ambas­sador to Cana­da David Jacob­son, Lynn said he had a good recep­tion about defense devel­op­ments and cyber­se­cu­ri­ty in par­tic­u­lar.

The lead­ers dis­cussed ways to increase part­ner­ship against the cyber threat. “I think it’s more a high-lev­el exchange of experts right now,” Lynn said. “We need a bet­ter under­stand­ing of the pol­i­cy issues. We already have a good tech­no­log­i­cal exchange based on the sig­nals intel­li­gence shar­ing agree­ments.”

The Unit­ed States and Cana­da need to work inside their own gov­ern­ments and with oth­er nations to define the inter­na­tion­al norms that apply.

“The laws of war are frankly imper­fect when you address cyber­se­cu­ri­ty,” Lynn said. “How do you adapt them? How do you have appro­pri­ate con­straints and rules and process­es that peo­ple can agree on?”

He point­ed to the the­o­ry of deter­rence in the cyber­world. Before a coun­try can deter an ene­my, it has to know who is launch­ing the attack.

“In the nuclear are­na … there were cer­tain things that you had that you don’t have in the cyber­world. One is attri­bu­tion,” he said. “Mis­siles come with a return address. You know who launched it.”

But in cyber­space it is often dif­fi­cult to iden­ti­fy the attack­er, and even when it can be done, it may take months, Lynn said.

Sim­i­lar­ly, there is a lot of gray areas in exact­ly what con­sti­tutes an attack in this realm.

“In the nuclear world it was pret­ty clear,” he said. “In the cyber area, if they are steal­ing data, is that an attack? What if they shut down cer­tain web­sites, is that an attack? You get to loss of life and huge eco­nom­ic dam­age – that peo­ple would agree [it’s an attack].

“And then what about coun­ter­ing?” he con­tin­ued. “If you are not sure it’s an attack and you can’t attribute it, who do you go after?”

Most peo­ple are focused on high-end threats from nation states, but a mod­er­ate­ly resourced ter­ror­ist group or crim­i­nal gang can devel­op and launch a pret­ty dev­as­tat­ing cyber attack, Lynn said.

“Deter­rence works if the oth­er side has some­thing to lose,” he said. “These groups may not have any­thing.”

The Unit­ed States will con­tin­ue these dis­cus­sions with its clos­est allies and then roll them right into NATO.

“We’re look­ing to have mutu­al­ly sup­port­ive approach­es,” Lynn said. “How inte­grat­ed that would need to be is some­thing we need to define. In NATO’s new strate­gic con­cept, cyber plays a vital role, and NATO will be tack­ling this issue as an alliance. And that’s impor­tant. We need to work our way through this.

“We real­ly do need a col­lab­o­ra­tive, joint approach,” he con­tin­ued. “It won’t do to approach these things singly and inde­pen­dent­ly.”

Lynn will con­tin­ue meet­ings with Cana­di­an offi­cials tomor­row.

U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs)