William Lynn: Cyber Warfare Unavoidable in the Near Future

Photo: Cherie Cullen

Any large, future clash will “almost certainly” include aspects of cyber warfare–a threat that reaches far beyond military operations and into the core of the U.S. economy, said Deputy Defense Secretary William J. Lynn III at the Council on Foreign Relations in New York City last week.

“Any major future conflict will almost certainly include elements of cyber warfare,” Lynn said. “And the threat posed by cyber warfare extends far beyond military operations – it extends to the very heart of our economy.”

The Department of Defense always knew about threats posed by hackers, nation states or terror groups in the cyber world, but it experienced a wake-up call in 2008 when an intrusion into military networks extended to the classified realm.

Lynn said up to that moment, “we did not think our classified networks could be penetrated.”

The breach occurred when someone in the Middle East used a thumb drive to transfer data from the unclassified network to the classified network, he said. The department launched Operation Buckshot Yankee and spent a lot of time, energy and money to remedy the situation. The attack led to a new approach to cybersecurity in the Pentagon, Lynn said.

Expanding on the recent article he wrote for Foreign Affairs magazine, Lynn detailed the attributes of the cyber threats. First, he said, cyber is an asymmetric threat. It costs very little to develop a cyber threat, while defending against it costs quite a lot. As an example, he explained how some of the most complex, commercially available defense software now have between 5 million and 10 million lines of code. In contrast, the average malware has stayed constant over the last decade at 170 lines of code, Lynn said.

A second attribute of the cyber threat is the issue of attribution and the time it takes to identify an attacker, the secretary noted.

“The forensics of identifying an attacker can take weeks, months — or even years — if you can do it at all,” he said.

A third attribute, Lynn said, is that cyber warfare is offense-dominant. The Internet, he said, was not created with security in mind; instead, it is transparent and encourages ease of technical innovation.

“Structurally, you will find the defender is always lagging behind the attacker in terms of developing measures and countermeasures,” Lynn said. “Adept programmers will always be able to find vulnerabilities and challenge security measures.”

You may also be interested in...

GSA Eyes ‘On-Ramp’ Solicitation for OASIS Small Business IDIQ’s Six Subpools

The General Services Administration has announced plans to issue a solicitation as an on-ramp for the six subpools of the One Acquisition Solution for Integrated Services Small Business contract vehicle. GSA’s Federal Acquisition Service said in a presolicitation notice published Friday that it expects to award 30 contracts for subpool 1, 20 contracts for subpool 3 and eight each for subpools 2, 4, 5B and 6 of the OASIS SB indefinite-delivery/indefinite-quantity contract.

SSL to Design Methane Emission Detection Satellite; Richard White Quoted

Maxar TechnologiesSSL subsidiary has received a contract from Environmental Defense Fund to design and define requirements for a small satellite designed to detect and monitor methane emissions from oil and gas facilities worldwide. MethaneSAT is a small form-factor satellite that will work to provide high-resolution images to help detect and measure low- and high-emission sources in regions that constitute more than 80 percent of global production of oil and gas per week, Maxar said Thursday

Booz Allen’s Sarah St. Clair on Lessons Learned From HR Tech Upgrade Project

Sarah St. Clair, vice president responsible for human resource services at Booz Allen Hamilton, told Diginomica in an interview published Tuesday about the company’s experiences and efforts to address challenges associated with upgrading its HR technology system. St. Clair discussed Booz Allen’s move to execute the Workday project to manage recruitment operations and mentioned some of the actions the company made to mitigate negative impacts associated with project implementation.