Cybersecurity News

Addressing what he called “the most technically sophisticated audience,” US Deputy Secretary of Defense William Lynn III took the RSA Conference stage on Tuesday to discuss the Armed Forces’ role in defending a new domain: cyberspace.

“Information technology is at the core of our most important military capabilities,” Lynn told the crowd of thousands of security experts.  “It gives us the ability to navigate with accuracy, to communicate with certainty, to see the battlefield with clarity, and to strike with precision. But for all the wonderful capabilities technology enables in our military, it also introduces enormous vulnerabilities.”

Referencing one major vulnerability in particular, Lynn said the 2008 breach of US military networks by a foreign intelligence agency’s corrupt thumb drive caused a change in demeanor on how the Defense Department approaches its take on cybersecurity.

“It was our worst fear: a rogue program operating silently on our system, poised to deliver operation plans into the hands of an enemy,” said the deputy secretary. “Unfortunately the cyber threat continues to mature, posing dangers to our security that far exceed the 2008 breach of our classified systems.”

Noting the recent cyber intrusions in the oil and gas industry, as well as NASDAQ and Google attacks, Lynn pointed out that cyber threats are occurring on both government and commercial systems, thereby stressing the need for the public and private sectors to work together to protect the nation.

While Lynn classified most cyber attacks against the US government and industry as exploits that are “relatively unsophisticated in nature,” he went on to stress, “In the future, more capable adversaries could potentially immobilize networks on a wider scale, for much longer periods of time.”

In particular, Lynn focused on the threat that terrorists could pose if given the resources and capabilities to launch an attack.

“Al-Qaeda, which has vowed to unleash cyber attacks, has not yet done so, but it is possible for a terrorist group to develop cyber attacks tools on their own, or even to buy them on the black market,” Lynn suggested.

To develop a proactive cyber defense, the deputy secretary revealed five pillars to be laid out in a forthcoming Defense Department comprehensive cyber strategy being called ‘Cyber 3.0.’

“First, the Defense Department has formally recognized cyberspace as a new domain of warfare, like air, land, sea and space,” Lynn said, noting that the first pillar of Cyber 3.0 would entail the military defending all US networks, as they do for physical US territories.

Additional pillars of Cyber 3.0 include: equipping US networks with active defenses, rather than post-attack cleanup; ensuring that the critical infrastructure the military relies on is protected; building collective defenses with US allies; and positioning the nation’s technological and human resources to ensure that the country retains its preeminent capabilities in cyberspace.

“Throughout American history, at moments of great challenge and crisis, industry and the private sector have stood up, partnered with government and developed the capabilities to keep our country safe,” Lynn noted.  “The incredible technologies that have resulted – including the Internet itself – have made our military the most effective fighting force in the world and our economy the most advanced of any nation.”