Top Defense official says the U.S. must beef up cyber defenses

William Lynn, who disclosed that classified networks were infiltrated by malicious code in 2008, says the department must develop ways to stop attacks before sensitive information is stolen.

Any major conflict the United States faces in the future will include some element of cyberwarfare, which means the nation must develop a comprehensive strategy to deal with cyber threats, Defense Deputy Secretary William J. Lynn III said during a briefing for bloggers who cover the Defense Department.

Lynn is the author of a much-publicized article that Foreign Affairs magazine posted on its website Wednesday afternoon, disclosing that Defense networks were infiltrated in 2008 by malicious code that "spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control."

"It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary," Lynn said in the article.

During the meeting with Defense bloggers, Lynn said the department must expand its deterrence capabilities beyond firewalls to respond to attacks at "network speed" by tracing malicious code when it "calls home," a term used to describe when the malware, after planting itself in military systems, begins to send stolen information back to the originator of the attack.

In addition, Defense should ensure it can extend network protection to commercial critical infrastructure systems it uses for logistics and power, Lynn said. That mission is assigned to the Homeland Security Department, but he said Defense can provide technical assistance to DHS.

Writing in the just-released September/October issue of Foreign Affairs, Lynn said the Pentagon needs to take a more active role in protecting commercial networks as it develops a cyber policy.

"The U.S. government has only just begun to broach the larger question of whether it is necessary and appropriate to use national resources, such as the defenses that now guard military networks, to protect civilian infrastructure," he wrote.

"Policymakers need to consider, among other things, applying the National Security Agency's defense capabilities beyond the .gov domain, such as to domains that undergird the commercial defense industry. U.S. defense contractors have already been targeted for intrusion, and sensitive weapons systems have been compromised," Lynn said in the article.

During the briefing with bloggers, he added the Pentagon is working with DHS and the private sector to come up with innovative ways to protect the defense industry.

International cooperation is a key component of a comprehensive cyber defense strategy, and Lynn said he has talked to Australia, Canada and the United Kingdom about creating a coordinated cyber defense policy and plans to have discussions with NATO soon.

Lynn expects the Pentagon to develop a new cyber policy by the end of this year.

The United States also needs to ensure it maintains and leverages technical dominance in the cyber arena, which includes a cadre of military cyber professionals backed up by artificial intelligence systems to quickly detect and counter threats against military networks. The Pentagon also needs to speed up its acquisition of information technology systems to keep pace with development, Lynn said.

In November 2008, Defense banned the use of flash media on its systems because of concerns the devices could be infected with malware. In his Foreign Affairs article, Lynn said the Pentagon discovered a flash drive inserted into a U.S. Central Command computer at an undisclosed Middle East location had been infected with malware "placed there by a foreign intelligence agency."

In the article, Lynn described the incident as "the most significant breach of U.S. military computers ever, and it served as an important wake-up call. The Pentagon's operation to counter the attack, known as Operation Buckshot Yankee, marked a turning point in U.S. cyber defense strategy."

In the call with bloggers, Lynn declined to identify the foreign intelligence agency that had planted the malware, but he said the malicious code had infected Defense classified systems, including the Secret Internet Protocol Router Network.

Lynn said the Pentagon needs to develop a deterrence strategy to keep enemies from even considering attacks, using the Cold War concept of mutually assured destruction. But, unlike with nuclear weapons, determining the identity of an attacker in cyberspace is difficult, inhibiting direct retaliation, he added.
