It looks like the Pentagon is finally starting to take all of this hacking business seriously. At a recent cyber strategy speech, the Pentagon revealed more about its plans for dealing with cyberattacks. It seems that the Pentagon wants to protect not only their own servers but also servers owned by banks, transportation groups, utility companies, and other non-government groups.
During the speech given at the National Defense University in Washington, D.C., William Lynn, the deputy secretary of defense said, "Our assessment is that cyberattacks will be a significant component of any future conflict, whether it involves major nations, rogue states, or terrorist groups." It was also revealed during the meeting that a breech that happened last March resulted in 24,000 sensitive files being compromised. It's probably a good idea that the Pentagon finally figured out that cyberattacks could be dangerous, but one would think they should have pushed a more aggressive stance on the issue a little more quickly.
Lynn used the attack from last March to illustrate the dangers of cyberattacks and the involvement of foreign entities. The files were apparently lifted from a defense contractor by "foreign intruders". The specifics of what was in the files, what country the foreign intruders were from, and who the defense contractor was were undisclosed.
So what did Lynn have to say about the overall strategy of the government against these attacks? His exact statement was,
"Commentators have asked whether and how the U.S. would respond militarily to attacks on our networks. And this speculation has prompted concerns that cyberspace is at risk of being militarized--that a domain overwhelmingly used by civilians and for peaceful purposes could be fundamentally altered by the military's efforts to defend it. The concern here, as in other areas of our security, is that the measures put in place to prevent hostile actions will negate the very benefits of cyberspace we seek to protect.
We have designed our DoD Cyber Strategy to address this concern...This emphasis on cyberdefenses illustrates how we are both mindful of those who would do us harm using cyber means, but also committed to protecting the peaceful use of cyberspace. Far from "militarizing" cyberspace, our strategy of securing networks to deny the benefit of an attack will help dissuade military actors from using cyberspace for hostile purposes. Indeed, establishing robust cyberdefenses no more militarizes cyberspace than having a navy militarizes the ocean. This commitment to peace through preventive defense is at the heart of our DoD Cyber Strategy and the Administration's overall approach to cyberspace."
It appears clear that the government wants to consider the cyber domain as another entity entirely. That would mean all wars would be fought over air, sea, ground, and cyber. The other main ideas are to work with the private sector, use technology to boost security, and push new cyber defense concepts to the military.
Lynn was very clear about storing of private sector data saying,
"The U.S. government is not monitoring, intercepting, or storing any private sector communications."
"Rather, threat intelligence provided by the government is helping the companies themselves, or the Internet service providers working on their behalf, to identify and stop malicious activity within their networks."
We'll see how this plan takes shape moving forward and what the broader impacts of this kind of government action will be.
