DoD Unveils New Cyber Defense StrategyCyberspace Joins Land, Sea and Air as Fourth Arena of Warfare
Lynn, at a press briefing, said cyberspace will be on the frontline of national security. "Any conflict we see going forward is going to have some element of cyber warfare and we need to make sure that we've prepared and developed our military capabilities to sustain that," he said.
Lynn outlined the five pillars:
- Recognize cyberspace as a new domain of warfare, along with air, sea and land, which lead to the creation last spring of the military cyber command. "Cyberspace is manmade but is equally important."
- Extend defensive posture beyond good hygiene and perimeter defenses as intrusion detection. "We need to be able to respond to attacks, to intrusions at network speed."
- Extend protections as to critical infrastructure a supporting role to the Department of Homeland Security. "The military networks do not exists in a vacuum; we depend heavily on commercial networks for logistics, transportation, for power. Just in pure military terms, we need critical infrastructure protected, and the nation more broadly, the national economy, national security requires protection for those critical infrastructure areas."
- Pursue collective cyber defenses internationally. "It's clear that you're more effective in the cyber world the more threaded signatures that you understand and share, and so the cold war concept of shared warning here really applies."
- Maintain and leverage U.S. technical dominance. "We clearly have the most sophisticated IT industry in the world; we need to be able to not only protect that but utilize that to defend our network infrastructure. That means we need to focus on a cadre of cyber professionals ... we need to multiply their talents through techniques like artificial intelligence. Within DoD itself, we need to adapt our acquisition process that does not have the agility and speed to keep up with the technological pace of IT."
Lynn said he expects the five pillars will be codified by year's end.
Lynn held the briefing simultaneously with the publication of an article - Defending a New Domain: The Pentagon's Cyberstrategy - he authored in the journal Foreign Affairs that addressed the five pillars as well as revealed one of the most significant breaches of military computers caused by a flash drive inserted into a laptop on a military post in the Middle East in 2008.
Because of national security concerns, Lynn shed little new light on the breach. He confirmed that a classified network was breached, but would neither identify the assailant nor say whether any retaliatory action was taken. The Los Angeles Times reported in 2008 that Russia was behind the attack.
Lynn said threat of retaliation in cyberspace isn't a viable option in many instances, especially considering the difficulty of attribution - the means to identify the assailant - and the fact that attackers such as terrorists have few if any assets at risk. Instead, he said the favored approach is denial of benefits. For instance, he said, a denial of benefit would be the inability of an attacker who places malware on a computer from profiting from the intrusion if the system prevents the malicious software from retrieving and transmitting sensitive information back to the assailant.
Sen. Thomas Carper, the Delaware Democrat who chairs a Senate subcommittee with cybersecurity oversight, characterized Lynn's revelation about the breach as "sadly old news."
"For years, agencies like the National Security Agency have needlessly obscured the frequency and significance of attacks like those recently publicly revealed by the Department of Defense out of fear that this attention would entice even more bad guys to attack our vulnerable networks," Carper said in a statement. "The problem with keeping the public in the dark about this threat is that the bad guys have already set up shop inside our networks."
Carper called on his congressional colleagues to enact cybersecurity legislation quickly. "We need a more robust effort from the federal government to build the defenses and train the defenders we need to protect our vital networks," he said. :That's why it's so important for Congress and the administration to come together and deal with this threat, before it's too late."