Carter Unveils New DoD Cyber Strategy in Silicon Valley
Carter Unveils New DoD Cyber
Strategy in Silicon Valley
By Cheryl Pellerin, DoD News,
Defense Media Activity.
Washington D.C. — (DoD
News) — April 23, 2015 — Defense Secretary Ash Carter today unveiled the
Defense Department’s second cyber strategy to guide the development of DoD's
cyber forces and to strengthen its cyber defenses and its posture on cyber
deterrence. Carter discussed the new strategy -- an update to the original
strategy released in 2011 -- before an audience at Stanford University on the
first day of a two-day trip to Silicon Valley in California.
Defense Secretary Ash Carter presenting the
Pentagon's new cyber strategy and innovation initiatives
At Stanford, he delivered the annual Drell Lecture, and
afterward he was scheduled to visit the Facebook campus in Menlo Park. Tomorrow,
the secretary will meet with executives at the $4 billon venture-capital firm
A Complex Challenge
“While we in DoD are an attractive target, the cyber threat
is one we all face as institutions and as individuals,” Carter said at Stanford.
In response to one of the world’s most complex challenges,
the Defense Department has three missions in the cyber domain, he added.
The first is to defend DoD networks, systems and information.
The second is to defend the U.S. homeland and U.S. national interests against
cyberattacks of significant consequence, and the third is to provide integrated
cyber capabilities to support military operations and contingency plans.
“In some ways, what we’re doing about this threat is similar
to what we do about more conventional threats,” Carter said.
Deterrence is Key
“We like to deter malicious action before it happens and we
like to be able to defend against incoming attacks as well as pinpoint where an
attack came from,” the secretary said. Stronger partnerships throughout the
government and stronger private-sector security researchers such as FireEye,
Crowdstrike, HP and others have improved the department’s ability to respond, he
Deterrence is a key part of the new cyber strategy, which
describes the department’s contributions to a broader national set of
capabilities to deter adversaries from conducting cyberattacks, according to a
fact sheet about the strategy.
The department assumes that the totality of U.S. actions --
including declaratory policy, substantial indications and warning capabilities,
defensive posture, response procedures and resilient U.S. networks and systems
–- will deter cyberattacks on U.S. interests, the fact sheet added.
Action, Defensive or Otherwise
“Still,” Carter said, “adversaries should know that our
preference for deterrence and our defensive posture don’t diminish our
willingness to use cyber options if necessary.”
When the nation does take action, defensive or otherwise,
conventionally or in cyberspace, he added, it operates under rules of engagement
that comply with international and domestic law.
The approach reflects two goals, the secretary said: “keeping
the Internet open, secure and prosperous, and assuring that the nation continues
to respect and protect the freedoms of expression, association and privacy that
reflect who we are as a nation.”
Dozens of militaries are developing cyber forces, Carter said,
and because stability depends on avoiding miscalculation that could lead to
escalation, militaries must talk to each other and understand each other’s
Shedding Light on Cyber
DoD must do its part, the secretary said, to shed more light
on cyber capabilities that historically have been developed in the shadows.
Carter shared with the audience an incident that was recently
declassified to help illustrate the cyber threat facing the department and how
The incident “has never been publicly reported,” he said,
“and it shows how rapidly DoD can detect, attribute and expel an intruder” from
its military networks.
Earlier this year, he said, the sensors that guard DoD’s
unclassified networks detected Russian hackers accessing one of DoD’s networks
who had discovered an unpatched vulnerability in a legacy network.
Hunting Down Intruders
“While it’s worrisome they achieved some unauthorized access
to our unclassified network, we quickly identified the compromise and had a team
of incident responders hunting down the intruders within 24 hours,” Carter
After discerning valuable information about the hackers’
tactics, experts analyzed the network activity, associated it with Russia, then
kicked them off the network in a way that minimized their chances of returning,
The episode illustrates a step in the right direction, Carter
said, and he told the audience about the department’s new cyber strategy, which
he said begins with the department’s people.
The strategy’s first strategic goal is building and training
the department’s Cyber Mission Forces, he said.
Keeping Systems Secure
“These are talented individuals who hunt down intruders,
red-team our networks and perform the forensics that help keep our systems
secure,” Carter added, noting that their skill and knowledge makes them more
valuable than the technology they use.
Another goal, the secretary said, is to be better prepared to
build and defend DoD information networks, secure data and mitigate risks to
“We do this in part through deterrence by denial, in line
with today’s best-in-class cybersecurity practices, building a single security
architecture that’s more easily defendable and able to adapt and evolve to
mitigate current and future cyber threats,” Carter said.
Consolidating DoD IT
DoD also will strengthen network defense command and control
to synchronize across thousands of DoD networks, and conduct exercises in
resilience, he said, so that if a cyberattack degrades capabilities, the
department still can mobilize, deploy and operate forces in all other domains.
“Just this week I directed that we consolidate DoD’s IT
services in the Pentagon and throughout the capital region,” Carter said, noting
that this will help improve cybersecurity and save millions of dollars.
A primary aspect of the strategy is working with partners in
the private sector, across the government and around the world, the secretary
said. And because U.S. businesses own, operate and see about 90 percent of
national networks, the private sector must be a key partner, he added.
“The U.S. government has a unique suite of cyber tools and
capabilities, but we need the private sector to take its own steps to protect
its data and networks,” Carter said.
Helping When Possible
“We want to help where we can,” the secretary added, “but if
companies themselves don’t invest, our country’s collective cybersecurity
posture is weakened and our ability to augment that protection is limited.”
To build the cyber force, Carter said, “we’re going to need
to use new ways to attract talent through new private-sector exchange programs,
… and to ensure that our people have the right tools to execute their missions,
we’re going to [increase] our fundamental research and development … with
established and emerging private-sector partners in cyber.”
With these partners, he added, cyber capabilities can be
created that can both help DoD and then spin off into the wider U.S. marketplace.
To ensure that the department’s cyber operations are
appropriate and effective, Carter said, “we’re going to work more closely with
our law-enforcement partners at FBI, with Homeland Security, and elsewhere.”
Clear lines of authority dictate who can work where, the
secretary said, so as adversaries jump from foreign to U.S. networks, defenders
must coordinate with the government to operate seamlessly.
“I’m determined that the Department of Defense be a
cooperative partner with law enforcement and with Homeland Security,” Carter
The department has already begun practicing with its FBI
partners, he added, “and we’re going to be exercising much more going forward.
It’s important that we work together and that we all behave in a way that is
lawful and appropriate.”
This is serious business, Carter told the audience, and it
“But in addition to the dangers there are great opportunities
to be seized through a new level of partnership between the Pentagon and Silicon
Valley,” he added, “opportunities that we can only realize together.”
(Follow Cheryl Pellerin on
Related Videos :
Cyber Strategy Aims to Unleash Promise, Mitigate Risk
Secretary Discusses Cyber Strategy at Stanford
Related Stories :
Department of Defense Cyber Strategy
Cyber Strategy Fact Sheet
Carter Visits Silicon Valley Companies to Enhance DoD Technology Innovation
Carter Seeks Tech-sector Partnerships for Innovation
Carter’s Silicon Valley Trip to Boost DoD Innovation
Related Biographies :
Ashton B. Carter
Related Sites :
Report: The Department of Defense Cyber Strategy