[ISN] Lynn: Cyberspace is the New Domain of Warfare

From: InfoSec News <alerts_at_private>
Date: Wed, 20 Oct 2010 00:18:09 -0500 (CDT)
http://www.defense.gov/news/newsarticle.aspx?id=6131

By Cheryl Pellerin
American Forces Press Service
Oct. 18, 2010

With the creation of the U.S. Cyber Command in May and last week’s 
cybersecurity agreement between the departments of Defense and Homeland 
Security, DOD is ready to add cyberspace to sea, land, air and space as 
the latest domain of warfare, Deputy Defense Secretary William J. Lynn 
III said.

“Information technology provides us with critical advantages in all of 
our warfighting domains so we need to protect cyberspace to enable those 
advantages,” Lynn said during an Oct. 14 Pentagon Channel interview

Adversaries may be able to undermine the military’s advantages in 
conventional areas, Lynn said, by attacking the nation’s military and 
commercial information technology, or IT, infrastructure.

This threat has “opened up a whole new asymmetry in future warfare,” the 
deputy defense secretary said.

DOD’s focus on cyberdefense began in 2008 with a previously classified 
incident in the Middle East in which a flash drive inserted malware into 
classified military networks, Lynn said.

“We realized we couldn’t rely on passive defenses and firewalls and 
software patches, and we’ve developed a more-layered defense,” he said.

Lynn laid out a draft cyberstrategy in the September/October issue of 
“Foreign Affairs” magazine. He said DOD is working to finalize the 
strategy.

“There’s no agreed-on definition of what constitutes a cyberattack,” 
Lynn said. “It’s really a range of things that can happen -- from 
exploitation and exfiltration of data to degradation of networks to 
destruction of networks or even physical equipment, physical property. 
What we’re doing in our defense cyberstrategy is developing appropriate 
responses and defenses for each of those types of attacks.”

One element of the strategy –- working with Homeland Defense to protect 
critical military and civilian IT infrastructure -– was put into place 
Oct. 13, when Defense Secretary Robert M. Gates and Homeland Security 
Secretary Janet Napolitano announced a new agreement to work together on 
cybersecurity.

The agreement includes a formal mechanism for benefiting from the 
technical expertise of the National Security Agency, or NSA, which is 
responsible for protecting national security systems, collecting related 
foreign intelligence, and enabling network warfare.

Another element is what Lynn calls a “layered defense, where you have 
intrusion detection and firewalls but you also have a … layer that helps 
defend against attacks.”

In his draft strategy, Lynn describes the defense-layer component of 
cybersecurity in terms of NSA-pioneered systems that “automatically 
deploy defenses to counter intrusions in real time. Part sensor, part 
sentry, part sharpshooter, these active defense systems represent a 
fundamental shift in the U.S. approach to network defense.”

And, since no cyberdefense system is perfect, DOD requires “multiple 
layers of defense that give us better assurance of capturing malware 
before it gets to us,” Lynn said.

“We need the ability to hunt on our own networks to get [intruders] that 
might get through and we need to continually improve our defenses,” he 
continued. “We can’t stand still. The technology is going to continue to 
advance and we have to keep pace with it.”

Envisioned attacks on military networks could impair military power, 
national security and the economy, Lynn said.

Enemy cyberattacks could deprive the military of the ability to strike 
with precision and communicate among forces and with headquarters, he 
said, and it could impair logistics or transportation networks and 
eliminate advantages that information technology has given military 
forces.

“Beyond that, cyberattacks conceivably could threaten the national 
economy if [adversaries] were to go after the power grid or financial 
networks or transportation networks, and that, too, would be a national 
security challenge,” Lynn said. “And over the long run there’s a threat 
to our intellectual property … basically a theft of the life blood of 
our economy.”

Working more closely with allies is an important element of the 
strategy, he said, to ensure a shared defense and an early warning 
capability.

The NATO 2020 report rightly identified the need for the alliance’s new 
10-year strategic concept -- a draft of which is an expected product of 
the 2010 NATO Summit slated for Nov. 19-20 in Lisbon, Portugal –- to 
further incorporate cyberdefense concepts Lynn wrote about in Foreign 
Affairs.

U.S. technological advantages are a critical part of the cyberstrategy 
and the Pentagon already is working with industry and with the Defense 
Advanced Research Projects Agency to put these to work, Lynn said.

As part of a public-private partnership called the Enduring Security 
Framework, Lynn wrote in his Foreign Affairs article, chief executive 
officers and chief technology officers of major IT and defense companies 
meet regularly with top officials from Defense, Homeland Security and 
the Office of the Director of National Intelligence.

DARPA also is working on the National Cyber Range, a simulated model of 
the Internet that will enable the military to test its cyberdefenses 
before deploying them in the field.

The Pentagon’s IT acquisition process also has to change, Lynn wrote in 
Foreign Affairs. It took Apple Inc. 24 months to develop the iPhone, he 
said, and at DOD it takes on average about 81 months to develop and 
field a new computer system after it is funded.

“The Pentagon is developing a specific acquisition track for information 
technology,” Lynn wrote in Foreign Affairs, and it also is bolstering 
the number of cyberdefense experts who will lead the charge into the new 
cyberwar era.

The military’s global communications backbone consists of 15,000 
networks and 7 million computing devices across hundreds of 
installations in dozens of countries, Lynn wrote. More than 90,000 
people work full time to maintain it, he said, but more are needed.

Through the establishment of U.S. Cyber Command and the bolstering of 
cybersecurity at other defense agencies “we’ve greatly increased the 
number of cyber professionals we have at DOD and will continue to 
increase that,” Lynn told the Pentagon Channel.”


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Tue Oct 19 2010 - 22:18:09 PDT

This archive was generated by hypermail 2.2.0 : Tue Oct 19 2010 - 22:26:54 PDT