In the face of heightened cyberthreats, the Pentagon is pursuing a multi-pronged defense strategy that includes a reliance on private sector participation, William J. Lynn, III, U.S. Deputy Secretary of Defense, said in a keynote Tuesday at RSA Conference 2011.
“To this point, the disruptive attacks we’ve seen are relatively unsophisticated in nature. In the future, more capable adversaries could potentially immobilize networks on a wide scale for a much longer time,” he said.
It’s not impossible to imagine attacks on military networks or critical infrastructure that could cause severe economic damage or even loss of life, Lynn said. The nation must prepare for the likelihood that a cyberattack will be part of a conventional attack, he said. Al-Qaida hasn’t yet launched a cyberattack but it has vowed to, he adds.
“We stand at an important junction of development of cyberthreats… most malicious actors haven’t laid their hands on the most harmful capabilities. But this situation won’t last forever,” he said. “We need to develop stronger defenses before this occurs. We have a window of opportunity to gird our networks against more serious threats.”
For the past two years, the Defense Department has deployed specialized defenses to defend military networks, officially recognizing cyberspace as a domain of warfare, he said. The Pentagon’s cyberstrategy relies on “active defenses” — a more dynamic approach that Lynn described as operating at network speed and using sensors to stop malicious code before it executes.
The military is also working to build collective defenses with its allies to cooperatively monitor networks for cyberdefense, he said. But a major part of the strategy is working with the private sector through information sharing and working with key technology companies to improve cybersecurity, he said. To that end, the Defense Department announced an expanded IT exchange program that Lynn said will allow for exchange of IT and security personnel between government and industry.
It also is adding half a billion dollars in funding for research into cloud computing, encryption and virtualization technologies, Lynn said.
“Over the long term, we must develop technology that reverses the advantage of those seeking to steal our secrets and cause us harm. … The challenge we face today in cybersecurity — it’s global in scope and requires government working closely with industry.”