WASHINGTON: With the creation of the U.S. Cyber Command in May and last week’s cybersecurity agreement between the departments of Defense and Homeland Security, DOD officials are ready to add cyberspace to sea, land, air and space as the latest domain of warfare, Deputy Defense Secretary William J. Lynn III said Oct. 14.
“Information technology provides us with critical advantages in all of our warfighting domains, so we need to protect cyberspace to enable those advantages,” Secretary Lynn said.
Adversaries may be able to undermine the military’s advantages in conventional areas by attacking the nation’s military and commercial information technology, or IT, infrastructure, Secretary Lynn said.
This threat has “opened up a whole new asymmetry in future warfare,” the deputy defense secretary said.
DOD’s focus on cyberdefense began in 2008 with a previously classified incident in the Middle East ,in which a flash drive inserted malware into classified military networks, Secretary Lynn said.
“We realized we couldn’t rely on passive defenses and firewalls and software patches, and we’ve developed a more-layered defense,” he said.
Secretary Lynn laid out a draft cyberstrategy in the September/October issue of “Foreign Affairs” magazine. He said DOD officials are working to finalize the strategy.
“There’s no agreed-on definition of what constitutes a cyberattack,” Secretary Lynn said. “It’s really a range of things that can happen, from exploitation and exfiltration of data to degradation of networks, to destruction of networks or even physical equipment, (or) physical property. What we’re doing in our Defense cyberstrategy is developing appropriate responses and defenses for each of those types of attacks.”
One element of the strategy, working with Homeland Defense to protect critical military and civilian IT infrastructure, was put into place Oct. 13, when Defense Secretary Robert M. Gates and Homeland Security Secretary Janet Napolitano announced a new agreement to work together on cybersecurity.
The agreement includes a formal mechanism for benefiting from the technical expertise of the National Security Agency which is responsible for protecting national security systems, collecting related foreign intelligence and enabling network warfare.
Another element is what Lynn calls a “layered defense, where you have intrusion detection and firewalls, but you also have a … layer that helps defend against attacks.”
In his draft strategy, Secretary Lynn described the defense-layer component of cybersecurity in terms of NSA-pioneered systems that “automatically deploy defenses to counter intrusions in real time. Part sensor, part sentry, part sharpshooter, these active defense systems represent a fundamental shift in the U.S. approach to network defense.”
And, since no cyberdefense system is perfect, DOD officials require “multiple layers of defense that give us better assurance of capturing malware before it gets to us,” Secretary Lynn said.
“We need the ability to hunt on our own networks to get (intruders who) might get through, and we need to continually improve our defenses,” he said. “We can’t stand still. The technology is going to continue to advance, and we have to keep pace with it.”
Envisioned attacks on military networks could impair military power, national security and the economy, Secretary Lynn said.
Enemy cyberattacks could deprive the military of the ability to strike with precision and communicate among forces and with headquarters, he said. It could impair logistics or transportation networks and eliminate advantages that information technology has given military forces.
“Beyond that, cyberattacks conceivably could threaten the national economy if (adversaries) were to go after the power grid or financial networks or transportation networks, and that, too, would be a national security challenge,” Secretary Lynn said. “And over the long run, there’s a threat to our intellectual property … basically a theft of the lifeblood of our economy.”
Working more closely with allies is an important element of the strategy to ensure a shared defense and an early warning capability, he said.
The NATO 2020 report identified the need for the alliance’s new 10-year strategic concept to further incorporate cyberdefense concepts Secretary Lynn wrote about in Foreign Affairs.
U.S. technological advantages are a critical part of the cyberstrategy, and the Pentagon already is working with industry and with the Defense Advanced Research Projects Agency to put these to work, Secretary Lynn said.
As part of a public-private partnership called the Enduring Security Framework, Secretary Lynn wrote, chief executive officers and chief technology officers of major IT and defense companies meet regularly with top officials from the DOD, Homeland Security, and the Office of the Director of National Intelligence.
DARPA also is working on the National Cyber Range, a simulated model of the Internet that will enable the military to test its cyberdefenses before deploying them in the field.
The Pentagon’s IT acquisition process also has to change, Secretary Lynn wrote.
It took Apple Inc. 24 months to develop the iPhone, he said, and at DOD, it takes on average about 81 months to develop and field a new computer system after it is funded.
“The Pentagon is developing a specific acquisition track for information technology,” Secretary Lynn wrote, and it also is bolstering the number of cyberdefense experts who will lead the charge into the new cyberwar era.
The military’s global communications backbone consists of 15,000 networks and 7 million computing devices across hundreds of installations in dozens of countries, Secretary Lynn wrote.
More than 90,000 people work full time to maintain it, he said, but more are needed.
Through the establishment of U.S. Cyber Command and the bolstering of cybersecurity at other defense agencies, “we’ve greatly increased the number of cyber professionals we have at DOD and will continue to increase that,” Secretary Lynn said.