DOD Develops New Cyberspace Strategy, Because 'Bytes Can be as Destructive as Bombs'

“In the 21st century, bits and bytes can be as threatening as bullets and bombs,” U.S. Deputy Defense Secretary William J. Lynn III told an audience of military and civilian officials, at the National Defense University at Fort Lesley J. McNair in Washington, D.C., on July 14, as he introduced the DOD’S first unified strategy for operating in cyberspace.

Lynn described the strategy as “a milestone in the fight to protect the [United States] from potentially devastating network attacks,” adding, “Our assessment is that cyber attacks will be a significant component of any future conflict, whether it involves major nations, rogue states, or terrorist groups,” the deputy secretary said.

The existence of tools that disrupt or destroy critical networks—including military, utility, transpiration, and financial platforms—or alter the performance of key systems, marks a strategic shift in the evolving cyber threat, Lynn said.

“As a result of this threat,” he added, “keystrokes originating in one country can impact the other side of the globe in the blink of an eye

An important element of the strategy is to deny or minimize an attack, Lynn said. “If we can minimize the impact of attacks on our operations and attribute them quickly and definitively, we may be able to change the decision calculus of an attacker.”

Other elements, or pillars, of the strategy include:

-- Treating cyberspace as an operational domain, like land, air, sea, and space,

-- Using sensors, software, and signatures to stop malicious code before it affects operations.

-- Working with the Department of Homeland Security and the private sector to protect critical national infrastructure like the power grid, transportation system, and financial sector.

-- Building collective cyber defenses with allies and international partners to expand awareness of malicious activity and help defend against attacks.

-- Fundamentally shifting the technological landscape of cyber security by significantly enhancing network security.

“Over the past year,” Lynn said, “we have made progress in each of these five pillars.”

In May 2010, U.S. Cyber Command became operational to centralize network operations and defense. “We have established supporting activities in each of the military services,” Lynn said, “and we are now training our forces to thwart attacks that compromise our operations.”

The United States partnered with Australia, Canada, the United Kingdom, and NATO, and under President Barack Obama’s Comprehensive National Cyber Security Initiative, launched in May, the Defense Department will increase cooperation with other nations in the coming months.

“We have also committed half a billion dollars in [research and development] funds to accelerate research on advanced defensive technologies,” the deputy secretary said.

“Our research agenda includes novel approaches to improving network security and defense,” he said, continuing, “We imagine a time when computers innately and automatically adapt to new threats,” he said. “We hope for a world when we can not only transmit information in encrypted form, but also keep data encrypted as we perform regular computer operations.”

Last October, the Departments of Defense and Homeland Security, signed an agreement to coordinate cyber security efforts. The agencies established a joint planning methodology and exchanged cyber personnel in their operations centers.DOD is helping Homeland Security deploy advanced defensive technologies on government networks, Lynn said.

The critical infrastructure the military depends on extends to private companies that build DOD’s equipment and technology, he added. “It is a significant concern that, over the past decade, terabytes of data have been extracted by foreign intruders from corporate networks of defense companies,” Lynn said.

“The United States stands at an important juncture in the development of the cyber threat, Lynn stated. “More destructive tools are being developed, but have not yet been widely used.

“We have a window of opportunity,” he added, “… in which to protect our networks against more perilous threats.”