WASHINGTON, July 14, 2011 – The Defense Department's first strategy for operating in cyberspace is a milestone in the fight to protect the nation from potentially devastating network attacks, Deputy Defense Secretary William J. Lynn III said today.
Lynn addressed an audience of military and civilian officials, educators and reporters at the National Defense University.
"We do not know the exact way in which cyber will figure in the execution of [DOD's] mission, or the precise scenarios that will arise," Lynn said.
"But the centrality of information technology to our military operations and our society virtually guarantees that future adversaries will target our dependence on it," he added.
"Our assessment is that cyber attacks will be a significant component of any future conflict, whether it involves major nations, rogue states or terrorist groups," the deputy secretary said.
The existence of tools that disrupt or destroy critical networks, cause physical damage, or alter the performance of key systems marks a strategic shift in the evolving cyber threat, Lynn said.
"As a result of this threat," he added, "keystrokes originating in one country can impact the other side of the globe in the blink of an eye. In the 21st century, bits and bytes can be as threatening as bullets and bombs."
An important element of the strategy is to deny or minimize an attack, Lynn said. "If we can minimize the impact of attacks on our operations and attribute them quickly and definitively, we may be able to change the decision calculus of an attacker."
Other elements, or pillars, of the strategy include:
• Treating cyberspace as an operational domain like land, air, sea and space, operating and defending department networks and training and equipping forces for cyber missions.
• Introducing new operating concepts on department networks, including active cyber defenses, using sensors, software and signatures to stop malicious code before it affects operations.
• Working with the Department of Homeland Security and the private sector to protect critical national infrastructure like the power grid, transportation system and financial sector.
• Building collective cyber defenses with allies and international partners to expand awareness of malicious activity and help defend against attacks.
• Fundamentally shifting the technological landscape of cyber security by significantly enhancing network security.
"Over the past year," Lynn said, "we have made progress in each of these five pillars."
In May 2010, U.S. Cyber Command became operational to centralize network operations and defense.
"We have established supporting activities in each of the military services," Lynn said, "and we are now training our forces to thwart attacks that compromise our operations."
The United States partnered with Australia, Canada, the United Kingdom and NATO, and under President Barack Obama's Comprehensive National Cybersecurity Initiative, launched in May, the Defense Department will increase cooperation with other nations in the coming months, he added.
"We have also committed half a billion dollars in [research and development] funds to accelerate research on advanced defensive technologies," the deputy secretary said.
"Our research agenda includes novel approaches to improving network security and defense," he said.
"We imagine a time when computers innately and automatically adapt to new threats," he said. "We hope for a world when we can not only transmit information in encrypted form, but also keep data encrypted as we perform regular computer operations. Having data encrypted 100% of the time would be a revolution in computer security, greatly enhancing our ability to operate in untrusted environments."
The Defense Department has made "substantial progress,"