DoD: Military must be capable within 'cyber' domain
U.S. Deputy Secretary of Defense William Lynn III said the Department Of Defense (DoD) will soon complete a new cyber security strategy that explicitly recognizes cyberspace as a new battlefield.
By George V. Hulme
February 16, 2011 — CSO —
SAN FRANCISCO -- In his keynote Tuesday at RSA Conference 2011, U.S. Deputy Secretary of Defense William Lynn III said the Department Of Defense (DoD) is set to soon complete a new cyber security strategy that will explicitly recognize cyberspace as a new and official warfare domain. Dubbed Cyber 3.0, it charges the military with defending government networks just as it defends land, sea and air. Cyber 3.0 is also an extension of the U.S. Cyber Command Initiative that kicked off in 2009.
To maintain national security today and in the future "our military must be as capable in this new domain as it is in more traditional domains," Lynn said to a packed audience of security attendees.
"Cyber 3.0 is an important milestone for our department. But even if we execute it flawlessly, the fact is that the government cannot protect our nation alone," Lynn said. "Cyber defense is not a military mission, like defending our airspace, where the sole responsibility lies with the military. The overwhelming percentage of our nation's critical infrastructure -- including the Internet itself -- is largely in private hands. It is going to take a public-private partnership to secure our networks," he said.
"To be successful, I believe we need to pursue several avenues of industry-government cooperation," Lynn said.
Lynn said cyber-attackers have noticeably stepped up their game in recent years, and the military's concerned not just about military and government networks."Commercial intellectual property has been stolen from business," said Lynn. "These attacks blunt our edge, saps our competitiveness in the global economy."
To protect its networks, Lynn said, the DoD has bolstered them with so called "active defenses" that are sensors used to spot malicious activity on its networks and segment and destroy those threats.
Lynn noted current attempts to improve security, such as the National Cyber Security Division (NCSD), which is part of the Department of Homeland Security and works closely with public and private US and international interests to combat the cyber threat. The DoD is also working closely with telecommunication providers as they can help the agency to identify -- and respond -- to potential threats around the globe.
Lynn accepted that the DoD can't simply deploy new technologies and forge closer relationships with the private sector to succeed. To effectively defend these networks, the DoD must learn how to adapt and move more quickly.
He used Apple and the iPhone as a contrast to the DoD's ability to move an initiative forward. It currently takes the Pentagon 81 months to field a new computer system. The iPhone was developed in just 24 months.
"That is less time than it takes us to prepare a budget and receive Congressional approval for it. This means I get permission to start a project at the same time Steve Jobs is talking on his new iPhone. It's not a fair trade. We have to close this gap. Silicon Valley can help us," he said.George V. Hulme writes about security and technology from his home in Minneapolis. He can be found on Twitter as @georgevhulme.
Read more about application security in CSOonline's Application Security section.