DOD Releases First Strategy for Operating in Cyberspace
DOD Releases First Strategy
for Operating in Cyberspace
By Cheryl Pellerin, American
Forces Press Service
Washington D.C. -- July 14, 2011 – (AFPS)
The Defense Department’s first strategy for operating in cyberspace is a
milestone in the fight to protect the nation from potentially devastating
network attacks, Deputy Defense Secretary William J. Lynn III said today.
Deputy Defense Secretary William J.
Lynn III announces the Defense Department's
Strategy for Operating in Cyberspace at National Defense University at Fort Lesley J. McNair in Washington, D.C.,
July 14, 2011. It is the department's first unified strategy for operating in
Lynn addressed an audience of military and civilian officials,educators and
reporters at the National Defense University.
“We do not know the exact way in which cyber will figure in the execution of
[DOD’s] mission, or the precise scenarios that will arise,” Lynn said.“But the
centrality of information technology to our military operations and our society
virtually guarantees that future adversaries will target our dependence on it,”
“Our assessment is that cyber attacks will be a significant component of any
future conflict, whether it involves major nations, rogue states or terrorist
groups,” the deputy secretary said.
The existence of tools that disrupt or destroy critical networks, cause
physical damage, or alter the performance of key systems marks a strategic shift
in the evolving cyber threat, Lynn said.
“As a result of this threat,” he added, “keystrokes originating in one
country can impact the other side of the globe in the blink of an eye. In the
21st century, bits and bytes can be as threatening as bullets and bombs.”
An important element of the strategy is to deny or minimize an attack, Lynn
said. “If we can minimize the impact of attacks on our operations and attribute
them quickly and definitively, we may be able to change the decision calculus of
Other elements, or pillars, of the strategy include:
Treating cyberspace as an operational domain like land, air, sea and space,
operating and defending department networks and training and equipping forces
for cyber missions.
Introducing new operating concepts on department networks, including active
cyber defenses, using sensors, software and signatures to stop malicious code
before it affects operations.
Working with the Department of Homeland Security and the private sector to
protect critical national infrastructure like the power grid, transportation
system and financial sector.
Building collective cyber defenses with allies and international partners to
expand awareness of malicious activity and help defend against attacks.
Fundamentally shifting the technological landscape of cyber security by
significantly enhancing network security.
“Over the past year,” Lynn said, “we have made progress in each of these five
In May 2010, U.S. Cyber Command became operational to centralize network
operations and defense.
“We have established supporting activities in each of the military services,”
Lynn said, “and we are now training our forces to thwart attacks that compromise
The United States partnered with Australia, Canada, the United Kingdom and
NATO, and under President Barack Obama’s Comprehensive National Cybersecurity
Initiative, launched in May, the Defense Department will increase cooperation
with other nations in the coming months, he added.
“We have also committed half a billion dollars in [research and development]
funds to accelerate research on advanced defensive technologies,” the deputy
“Our research agenda includes novel approaches to improving network security
and defense,” he said.
“We imagine a time when computers innately and automatically adapt to new
threats,” he said. “We hope for a world when we can not only transmit
information in encrypted form, but also keep data encrypted as we perform
regular computer operations. Having data encrypted 100% of the time would be a
revolution in computer security, greatly enhancing our ability to operate in
The Defense Department has made “substantial progress,” Lynn said, in working
with private industry and the rest of government to make critical infrastructure
Last October, the Departments of Defense and Homeland Security, which is
responsible for protecting critical infrastructure, signed an agreement to
coordinate cyber security efforts.
The agencies established a joint planning capability and exchanged cyber
personnel in their operations centers, he said.
DOD is helping Homeland Security deploy advanced defensive technologies on
government networks, Lynn said.
The critical infrastructure the military depends on extends to private
companies that build DOD’s equipment and technology, he added.
“It is a significant concern that over the past decade, terabytes of data
have been extracted by foreign intruders from corporate networks of defense
companies,” Lynn said. “In a single intrusion this March, 24,000 files were
The stolen data ranges from specifications for small parts of tanks,
airplanes and submarines to aircraft avionics, surveillance technologies,
satellite communications systems and network security protocols.
“Current countermeasures have not stopped this outflow of sensitive
information,” the deputy secretary said. “We need to do more to guard our
digital storehouses of design innovation.”
In response, he said, the Departments of Defense and Homeland Security
established a pilot program with a handful of defense companies that gives the
companies robust protection for their networks.
“In this Defense Industrial Base -- or DIB -- Cyber Pilot,” Lynn said,
“classified threat intelligence is shared with defense contractors or their
commercial Internet service providers, along with the know-how to employ it in
Such intelligence helps the companies and their Internet service providers
identify and stop malicious activity in their networks, he said.
“Although we are only beginning to evaluate the effectiveness of the pilot,”
Lynn said, “it has already stopped intrusions for some participating industry
Through information sharing promoted by the program, he added, “we not only
halted intrusions, we also learned more about the diversity of techniques used
to perpetrate them.”
The United States stands at an important juncture in the development of the
cyber threat, Lynn said.
“More destructive tools are being developed, but have not yet been widely
used,” he added.
The Defense Department needs to develop stronger defenses, the deputy
secretary said, before those who mean harm to the United States gain the ability
to launch more damaging cyber attacks.
“We have a window of opportunity,” he added, “ … in which to protect our
networks against more perilous threats.”
William J. Lynn III