- MENU
- HOME
- SEARCH
- WORLD
- MAIN
- AFRICA
- ASIA
- BALKANS
- EUROPE
- LATIN AMERICA
- MIDDLE EAST
- United Kingdom
- United States
- Argentina
- Australia
- Austria
- Benelux
- Brazil
- Canada
- China
- France
- Germany
- Greece
- Hungary
- India
- Indonesia
- Ireland
- Israel
- Italy
- Japan
- Korea
- Mexico
- New Zealand
- Pakistan
- Philippines
- Poland
- Russia
- South Africa
- Spain
- Taiwan
- Turkey
- USA
- BUSINESS
- WEALTH
- STOCKS
- TECH
- HEALTH
- LIFESTYLE
- ENTERTAINMENT
- SPORTS
- RSS
- iHaveNet.com
William J. Lynn III, Deputy Secretary of Defense
In 2008, the
This previously classified incident was the most significant breach of U.S. military computers ever, and it served as an important wake-up call. The Pentagon's operation to counter the attack, known as Operation Buckshot Yankee, marked a turning point in U.S. cyberdefense strategy.
Over the past ten years, the frequency and sophistication of intrusions into U.S. military networks have increased exponentially. Every day, U.S. military and civilian networks are probed thousands of times and scanned millions of times. And the 2008 intrusion that led to Operation Buckshot Yankee was not the only successful penetration. Adversaries have acquired thousands of files from U.S. networks and from the networks of U.S. allies and industry partners, including weapons blueprints, operational plans, and surveillance data.
As the scale of cyberwarfare's threat to U.S. national security and the U.S. economy has come into view, the Pentagon has built layered and robust defenses around military networks and inaugurated the new U.S. Cyber Command to integrate cyberdefense operations across the military. The Pentagon is now working with the
THE THREAT ENVIRONMENT
Information technology enables almost everything the U.S. military does: logistical support and global command and control of forces, real-time provision of intelligence, and remote operations. Every one of these functions depends heavily on the military's global communications backbone, which consists of 15,000 networks and seven million computing devices across hundreds of installations in dozens of countries. More than 90,000 people work full time to maintain it. In less than a generation, information technology in the military has evolved from an administrative tool for enhancing office productivity into a national strategic asset in its own right. The U.S. government's digital infrastructure now gives the United States critical advantages over any adversary, but its reliance on computer networks also potentially enables adversaries to gain valuable intelligence about U.S. capabilities and operations, to impede the United States' conventional military forces, and to disrupt the U.S. economy. In developing a strategy to counter these dangers, the Pentagon is focusing on a few central attributes of the cyberthreat.
First, cyberwarfare is asymmetric. The low cost of computing devices means that U.S. adversaries do not have to build expensive weapons, such as stealth fighters or aircraft carriers, to pose a significant threat to U.S. military capabilities. A dozen determined computer programmers can, if they find a vulnerability to exploit, threaten the United States' global logistics network, steal its operational plans, blind its intelligence capabilities, or hinder its ability to deliver weapons on target. Knowing this, many militaries are developing offensive capabilities in cyberspace, and more than 100 foreign intelligence organizations are trying to break into U.S. networks. Some governments already have the capacity to disrupt elements of the U.S. information infrastructure.
In cyberspace, the offense has the upper hand. The Internet was designed to be collaborative and rapidly expandable and to have low barriers to technological innovation; security and identity management were lower priorities. For these structural reasons, the U.S. government's ability to defend its networks always lags behind its adversaries' ability to exploit U.S. networks' weaknesses. Adept programmers will find vulnerabilities and overcome security measures put in place to prevent intrusions. In an offense-dominant environment, a fortress mentality will not work. the United States cannot retreat behind a Maginot Line of firewalls or it will risk being overrun. Cyberwarfare is like maneuver warfare, in that speed and agility matter most. To stay ahead of its pursuers, the United States must constantly adjust and improve its defenses.
It must also recognize that traditional Cold War deterrence models of assured retaliation do not apply to cyberspace, where it is difficult and time consuming to identify an attack's perpetrator. Whereas a missile comes with a return address, a computer virus generally does not. The forensic work necessary to identify an attacker may take months, if identification is possible at all. And even when the attacker is identified, if it is a nonstate actor, such as a terrorist group, it may have no assets against which the United States can retaliate. Furthermore, what constitutes an attack is not always clear. In fact, many of today's intrusions are closer to espionage than to acts of war. The deterrence equation is further muddled by the fact that cyberattacks often originate from co-opted servers in neutral countries and that responses to them could have unintended consequences.
Given these circumstances, deterrence will necessarily be based more on denying any benefit to attackers than on imposing costs through retaliation. The challenge is to make the defenses effective enough to deny an adversary the benefit of an attack despite the strength of offensive tools in cyberspace. (Traditional arms control regimes would likely fail to deter cyberattacks because of the challenges of attribution, which make verification of compliance almost impossible. If there are to be international norms of behavior in cyberspace, they may have to follow a different model, such as that of public health or law enforcement.)
Cyberthreats to U.S. national security are not limited to military targets. Hackers and foreign governments are increasingly able to launch sophisticated intrusions into the networks that control critical civilian infrastructure. Computer-induced failures of U.S. power grids, transportation networks, or financial systems could cause massive physical damage and economic disruption. Such infrastructure is also essential to the military, both abroad and at home: coordinating the deployment and resupply of U.S. troops and equipping troops with goods from private vendors necessarily requires using unclassified networks that are linked to the open Internet. Protecting those networks and the networks that undergird critical U.S. infrastructure must be part of Washington's national security and homeland defense missions.
Modern information technology also increases the risk of industrial espionage and the theft of commercial information. Earlier this year,
Computer networks themselves are not the only vulnerability. Software and hardware are at risk of being tampered with even before they are linked together in an operational system. Rogue code, including so-called logic bombs, which cause sudden malfunctions, can be inserted into software as it is being developed. As for hardware, remotely operated "kill switches" and hidden "backdoors" can be written into the computer chips used by the military, allowing outside actors to manipulate the systems from afar. The risk of compromise in the manufacturing process is very real and is perhaps the least understood cyberthreat. Tampering is almost impossible to detect and even harder to eradicate. Already, counterfeit hardware has been detected in systems that the
the United States rarely predicts accurately when and where military conflicts will occur. Predicting cyberattacks is also proving difficult, especially since both state and nonstate actors pose threats. More important, given that information technology is evolving rapidly, policymakers are left with little historical precedent to inform their expectations. Thus, the U.S. government must be modest about its ability to know where and how this threat might mature; what it needs is a strategy that provides operational flexibility and capabilities that offer maximum adaptability.
NEW STRATEGY
As a doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain of warfare. Although cyberspace is a man-made domain, it has become just as critical to military operations as land, sea, air, and space. As such, the military must be able to defend and operate within it. To facilitate operations in cyberspace, the
Cyber Command has three missions. First, it leads the day-to-day protection of all defense networks and supports military and counterterrorism missions with operations in cyberspace. Second, it provides a clear and accountable way to marshal cyberwarfare resources from across the military. A single chain of command runs from the U.S. president to the secretary of defense to the commander of Strategic Command to the commander of Cyber Command and on to individual military units around the world. To ensure that considerations of cybersecurity are a regular part of training and equipping soldiers, Cyber Command oversees commands within each branch of the military, including the Army Forces Cyber Command, the
Cyber Command's third mission is to work with a variety of partners inside and outside the U.S. government. Representatives from the FBI, the
Given the dominance of offense in cyberspace, U.S. defenses need to be dynamic. Milliseconds can make a difference, so the U.S. military must respond to attacks as they happen or even before they arrive. To grapple with this, the Pentagon has deployed a system that includes three overlapping lines of defense. Two are based on commercial best practices -- ordinary computer hygiene, which keeps security software and firewalls up to date, and sensors, which detect and map intrusions. The third line of protection leverages government intelligence capabilities to provide highly specialized active defenses. And the government is deploying all these defenses in a way that meets its obligation to protect the civil liberties of U.S. citizens.
Because some intrusions will inevitably evade detection and not be caught at the boundary, U.S. cyberdefenses must be able to find intruders once they are inside. This requires being able to hunt within the military's own networks -- a task that is also part of the Pentagon's active defense capability.
Active defense has been made possible by consolidating the
The speed at which active defense systems must act means that the rules of engagement governing network defense must be set largely in advance. Devising these protocols is not easy. Indeed, the effort to define clear rules of engagement for responding to cyberattacks has been exceedingly difficult, and for good reason. These rules of engagement will first have to assist in distinguishing between the exploits of a mere hacker, criminal activity (such as fraud or theft), espionage, and an attack on the United States. They will then have to determine what action is necessary, appropriate, proportional, and justified in each particular case based on the laws that govern action in times of war and peace.
The best-laid plans for defending military networks will matter little if civilian infrastructure -- which could be directly targeted in a military conflict or held hostage and used as a bargaining chip against the U.S. government -- is not secure.
The U.S. government has only just begun to broach the larger question of whether it is necessary and appropriate to use national resources, such as the defenses that now guard military networks, to protect civilian infrastructure. Policymakers need to consider, among other things, applying the
Given the global nature of the Internet, U.S. allies also play a critical role in cyberdefense. The more signatures of an attack one can see, and the more intrusions one can trace, the better one's defenses will be. In this way, the construct of shared warning -- a core Cold War doctrine -- applies to cyberspace. Just as the United States' air and space defenses are linked with those of allies to provide warning of an attack from the sky, so, too, can the United States and its allies cooperatively monitor computer networks for intrusions.
Some of the United States' computer defenses are already linked with those of U.S. allies, especially through existing signals intelligence partnerships, but greater levels of cooperation are needed to stay ahead of the cyberthreat. Stronger agreements to facilitate the sharing of information, technology, and intelligence must be made with a greater number of allies. The report
LEVERAGING DOMINANCE
the United States enjoys unparalleled technological resources, and it can marshal its advantages to create superior military capabilities in cyberspace. The Pentagon has already begun to explore how major companies can help the public sector address the cyberthreat. Through a public-private partnership called the Enduring Security Framework, the chief executive officers and chief technology officers of major information technology and defense companies now meet regularly with top officials from the
The U.S. government's research and development institutions have also turned their attention to cybersecurity. One of the more important innovations to emerge is the National Cyber Range program, developed by the
The government must also strengthen its human capital. The Pentagon has increased the number of its trained cybersecurity professionals and deepened their training. This includes a formal certification program that is graduating three times as many cybersecurity professionals annually as a few years ago. Following industry practices, the Pentagon's network administrators are now trained in "ethical hacking," which involves employing adversarial techniques against the United States' own systems in order to identify weaknesses before they are exploited by an enemy.
Even as the U.S. government strengthens its cadre of cybersecurity professionals, it must recognize that long-term trends in human capital do not bode well. the United States has only 4.5 percent of the world's population, and over the next 20 years, many countries, including China and India, will train more highly proficient computer scientists than will the United States. the United States will lose its advantage in cyberspace if that advantage is predicated on simply amassing trained cybersecurity professionals. The U.S. government, therefore, must confront the cyberdefense challenge as it confronts other military challenges: with a focus not on numbers but on superior technology and productivity. High-speed sensors, advanced analytics, and automated systems will be needed to buttress the trained cybersecurity professionals in the U.S. military. And such tools will be available only if the U.S. commercial information technology sector remains the world's leader -- something that will require continuing investments in science, technology, and education at all levels.
Making use of the private sector's innovative capacity will also require dramatic improvements in the government's procedures for acquiring information technology. On average, it takes the Pentagon 81 months to make a new computer system operational after it is first funded. Taking into the account the growth of computing power suggested by Moore's law, this means that by the time systems are delivered, they are already at least four generations behind the state of the art. By comparison, the iPhone was developed in 24 months. That is less time than it would take the Pentagon to prepare a budget and receive congressional approval for it.
To replicate the dynamism of private industry, the Pentagon is developing a specific acquisition track for information technology. It is based on four principles. First, speed must be a critical priority. The Pentagon's acquisition process must match the technology development cycle. With information technology, this means cycles of 12 to 36 months, not seven or eight years. Second, the Pentagon must employ incremental development and testing rather than try to deploy large complex systems in one "big bang." Third, the U.S. military must be willing to sacrifice or defer some customization in order to achieve speedy incremental improvements. Fourth, the
ENTERING A NEW ERA
The daunting challenges of cybersecurity represent the beginning of a new technological age. In this early hour, the United States' greatest strength is its awareness of the transformation. Today's predicament calls to mind an urgent letter written to President Franklin Roosevelt on the eve of another new technological era. Dated
The cyberthreat does not involve the existential implications ushered in by the nuclear age, but there are important similarities. Cyberattacks offer a means for potential adversaries to overcome overwhelming U.S. advantages in conventional military power and to do so in ways that are instantaneous and exceedingly hard to trace. Such attacks may not cause the mass casualties of a nuclear strike, but they could paralyze U.S. society all the same. In the long run, hackers' systematic penetration of U.S. universities and businesses could rob the United States of its intellectual property and competitive edge in the global economy.
These risks are what is driving the Pentagon to forge a new strategy for cybersecurity. The principal elements of that strategy are to develop an organizational construct for training, equipping, and commanding cyberdefense forces; to employ layered protections with a strong core of active defenses; to use military capabilities to support other departments' efforts to secure the networks that run the United States' critical infrastructure; to build collective defenses with U.S. allies; and to invest in the rapid development of additional cyberdefense capabilities. The goal of this strategy is to make cyberspace safe so that its revolutionary innovations can enhance both the United States' national security and its economic security.
Available at Amazon.com:
Hot Time in the Old Town: The Great Heat Wave of 1896 and the Making of Theodore Roosevelt
American Insurgents, American Patriots: The Revolution of the People
Broke, USA: From Pawnshops to Poverty, Inc.How the Working Poor Became Big Business
Were You Born on the Wrong Continent?: How the European Model Can Help You Get a Life
The Disappearing Center: Engaged Citizens, Polarization, and American Democracy
The Virtues of Mendacity: On Lying in Politics
Bush on the Home Front: Domestic Policy Triumphs and Setbacks
The Political Fix: Changing the Game of American Democracy, from the Grassroots to the White House
WORLD | AFRICA | ASIA | EUROPE | LATIN AMERICA | MIDDLE EAST | UNITED STATES | ECONOMICS | EDUCATION | ENVIRONMENT | FOREIGN POLICY | POLITICS
Defending a New Domain: The Pentagon's Cyberstrategy