The Department of Defense today released its Strategy for Operating in Cyberspace, the department’s first operational cybersecurity strategy, focusing on minimizing the benefits of attack to the country’s adversaries.
“This strategy holds that our posture in cyberspace must mirror the posture we assume to provide security for our nation overall,” Deputy Secretary of Defense William Lynn said at a press conference announcing that strategy at the National Defense University. “Namely, our first goal is to prevent war. We do this in part by preparing for it. And we do so while acknowledging and protecting the basic freedoms of our citizens.”
Secretary of Defense Leon Panetta said in a prepared statement, “It is critical to strengthen our cyber capabilities to address the cyber threats we’re facing. I view this as an area in which we’re going to confront increasing threats in the future and think we have to be better prepared to deal with the growing cyber challenges that will face the nation.”
Lynn said the strategy focuses on five pillars for protecting DoD’s more than 15,000 networks and seven million computing devices:
- The department is treating cyberspace as an operational domain, like land, air, sea and space. Treating cyberspace as a domain means that the military needs to operate and defend its networks and to organize, train and equip forces to perform cyber missions.
- Introducing new operating concepts to the networks, including active cyber defenses, threat detective use sensors, software and signatures to detect and stop malicious code before it affects operations.
- Recognizing that a number of non-military networks support important military functions, such as the power grid, transportation system and financial sector. As such, the military must work with the Department of Homeland Security.
- Carry the same logic of interconnectedness to the nation’s allies and international partners to build with them collective cyber defenses to help spread awareness of malicious activity and speed the ability to defend against ongoing attacks.
- Finally, shift the technological landscape of cybersecurity by enhancing network security to reduce the advantages of the country’s adversaries.
Lynn said DoD has already made progress in each of these pillars: namely standing up US Cyber command, partnering with NATO allies in cyberspace and committing $500 million to R&D funds to accelerate research on advanced defense technologies.
Lynn said the department has also made substantial progress working with private industry and the rest of government to make sure critical infrastructure is more secure. He said DoD has partnered with DHS on a pilot program with defense companies to provide the industry partners with more robust protection for their networks.
The idea is that companies can voluntarily receive threat intelligence from the government that they can use to help protect their own networks. The government will not be monitoring these companies, but trying to give them information to work for the good of the country, Lynn said.
“Our responsibility is to acknowledge this new environment and adapt our security instruments to it,” Lynn said. “That is the purpose of the DoD Cyber Strategy. We must prepare. We must recognize the interconnectedness of cyber. And we must be mindful of the many ways cyberspace is used – as a peaceful instrument of global communications, as a tool for economic growth – and also, as an instrument to threaten and sometimes cause harm.”