With the standup of the U.S. Cyber Command in May and last week’s agreement between the departments of defense and homeland security to collaborate to boost cybersecurity, DoD is ready to add cyberspace to sea, land, air and space as the latest domain of warfare, Deputy Defense Secretary William J. Lynn, III said.
“Information technology provides us with critical advantages in all of our warfighting domains so we need to protect cyberspace to enable those advantages,” Lynn said during an Oct. 14 Pentagon Channel interview.
Enemies may be able to undermine the military’s advantages in conventional areas, Lynn said, by attacking the nation’s military and commercial IT infrastructure, opening “up a whole new asymmetry in future warfare,” Lynn said.
After a previously classified incident occurred in the Middle East in which a malware-infested flash drive infected classified military networks, DoD realized it could not rely on passive defenses and firewalls and software patches, and developed a more-layered defense, the deputy secretary said.
In the September/October issue of Foreign Affairs magazine, Lynn outlined a new cyber strategy. He said DoD is working to finalize that plan. One element of the strategy was implemented Oct. 13, when Defense Secretary Robert M. Gates and Homeland Security Secretary Janet Napolitano announced a new agreement to work together on cybersecurity.
In his draft strategy, Lynn describes the defense-layer component of cybersecurity in terms of NSA-pioneered systems that “automatically deploy defenses to fight intrusions in real time.
“Part sensor, part sentry, part sharpshooter, these active defense systems represent a fundamental shift in the U.S. approach to network defense,” he said.
Lynn also spoke about how U.S. technological advantages are an important aspect of the cyber strategy. The Pentagon already is working with the Defense Advanced Research Projects Agency to put these to work by developing the National Cyber Range, a simulated model of the Internet that will enable the military to test its cyber defenses before deploying them in the field.