Wednesday, July 13, 2011

U.S. Department of Defense Outlines Cyberspace Strategy

The United States must be prepared to respond to hostile acts in cyberspace, said Deputy Secretary of Defense William J. Lynn, III, speaking at the National Defense University, Washington, D.C., and "reserves the right, under the laws of armed conflict, to respond to serious cyber attacks with a proportional and justified military response at the time and place of our choosing."

Lynn confirmed that in a single intrusion this March, cyber attackers stole 24,000 military files, including data on aircraft avionics, surveillance technologies, satellite communications systems, and network security protocols. He said the cyber exploitation being perpetrated against the defense industry cuts across a wide swath of crucial military hardware, extending from missile tracking systems and satellite navigation devices to UAVs and the Joint Strike Fighter.

Lynn outlined the DoD's first ever Strategy for Operating in Cyberspace centered around the goal of denying or at least minimizing the benefit of an cyber attack. The five pillars of this strategy include:

1. The Defense Department is treating cyberspace as an operational domain, like land, air, sea, and space.

2. DoD networks will implement active cyber defenses. These active defenses use sensors, software, and signatures to detect and stop malicious code before it affects operations.

3. The DoD will recognize the interconnectedness of cyberspace and the diversity of uses to which it is put, by individuals, in our economies, and across nations. The third pillar specifically recognizes that a number of non-military networks support important military functions -- including the power grid, transportation system, and financial sector. The DoD will work with the Department of Homeland Security and the private sector to protect the nation's critical infrastructure.

4. The logic of interconnectedness will be extended to allies and international partners. Our goal with them is to build collective cyber defenses. Collective cyber defenses will help expand our awareness of malicious activity and speed our ability to defend against ongoing attacks.

5. The DoD will aim to shift the technological landscape of cyber security to reduce the advantages the attacker presently enjoys relative to the defender on the Internet.

Over the past year, the DoD has committed half a billion dollars in R&D funds to accelerate research on advanced defensive technologies.

"The cyber threats we face are urgent, sometimes uncertain and potentially devastating as adversaries constantly search for vulnerabilities," said Deputy Secretary of Defense William J. Lynn III. "Our infrastructure, logistics network and business systems are heavily computerized. With 15,000 networks and more than seven million computing devices, DoD continues to be a target in cyberspace for malicious activity."

"Strong partnerships with other U.S. government departments and agencies, the private sector and foreign nations are crucial," said Lynn. "Our success in cyberspace depends on a robust public/private partnership. The defense of the military will matter little unless our civilian critical infrastructure is also able to withstand attacks." http://www.defense.gov