DoD: 'Terabytes' of data lost to cyber snooping


Deputy Defense Secretary Bill Lynn is keeping up his grim drumbeat about the dangers of cyber-warfare and cyber-espionage; he told an audience at the Defense Information Systems Agency on Tuesday that cyber-snooping has cost the U.S. 'terabytes' of information over the past few years, and gave a few new details about the nature of what has been lost:

"It is a significant concern that over the past decade, terabytes of data have been extracted by foreign intruders from corporate networks of defense companies.  In a single intrusion this March, 24,000 files were taken," Lynn said. "When looking across the intrusions of the last few years, some of the stolen data is mundane, like the specifications for small parts of tanks, airplanes, and submarines.  But a great deal of it concerns our most sensitive systems, including aircraft avionics, surveillance technologies, satellite communications systems, and network security protocols."

So this means the integrity of networks themselves -- what they contain, their basic functions, and users' ability to trust their security -- must be another key area of focus for the defense and intelligence worlds, Lynn said. It's worth taking an extended look at what he said:

To date, the most prevalent cyber threat has been exploitation of our networks.  By that, I mean the theft of information and data from both government and commercial networks. On the government side, foreign intelligence services have ex-filtrated military plans and weapons systems designs.  Commercially, valuable source code and intellectual property has likewise been stolen from business and universities.  The recent intrusions in the oil and gas sector and at NASDAQ join those that occurred at Google as further, troubling instances of a widespread and serious phenomenon.

This kind of cyber exploitation does not have the dramatic impact of a conventional military attack.  But over the long term it has a deeply corrosive effect.  It blunts our edge in military technology and saps our competitiveness in the global economy.

More recently, a second threat has emerged—and that is disruption of our networks.  This is where an adversary seeks to deny or degrade the use of an important government or commercial network.  And it happened in the denial of service attacks against Estonia in 2007 and Georgia in 2008.  The effect is usually reversible.  But the resulting economic damage and loss of confidence may not be.

To this point, the disruptive attacks we have seen are relatively unsophisticated in nature, short in duration, and narrow in scope.  In the future, more capable adversaries could potentially immobilize networks on an even wider scale, for longer periods of time.

The third and most dangerous cyber threat is destruction, where cyber tools are used to cause physical damage.  This development—which marks a strategic shift in the cyber threat—is only just emerging. But when you look at what tools are available, it is clear that this capability exists.  It is possible to imagine attacks on military networks or critical infrastructure—like our transportation system and energy sector—that cause severe economic damage, physical destruction, or even loss of life.

Of course, it is possible that destructive cyber attacks will never be launched.  Regrettably, however, few weapons in the history of warfare, once created, have gone unused.  For this reason, we must have the capability to defend against the full range of cyber threats.  This is indeed the goal of the Department’s cyber strategy, and it is why we are pursuing that strategy with such urgency.


Lynn makes the ongoing cyber-crisis sound like aviation in World War I -- somewhat effective, but still crude as its practitioners refine their weapons and tactics. What Lynn and other top defense officials want with DoD's new cyber-strategy, and warnings like these, is to prepare now before cyber-combat has advanced to its equivalent of World War II. What's to be done? Lynn said the Pentagon, its vendors, and other federal agencies will cooperate to figure out what's next:

We realize that we must help our partners protect their networks.  Toward that end, the Department of Defense, in partnership with DHS, has established a pilot program with a handful of defense companies.  In this Defense Industrial Base—or DIB—Cyber Pilot, classified threat intelligence is shared with defense contractors or their commercial internet service providers along with the know-how to employ it in network defense.  By furnishing this threat intelligence, we are able to help strengthen these companies’ existing cyber defenses.

The government has deep awareness of certain cyber threats.  We have what some have termed a “special sauce” of malicious code signatures gathered from various intelligence efforts. Loading these signatures onto existing systems dramatically increases the effectiveness of cyber security.  In this way, the DIB Cyber Pilot builds off existing capabilities that are widely deployed through the commercial sector.

Right now about 20 companies are involved in the 90-day pilot program.  It is important to note that the pilot is voluntary for all participants, that the U.S. government is not monitoring, intercepting, or storing any private sector communications, and that the pilot has already stopped hundreds of attempted intrusions.  The pilot also appears to be cost effective. In the coming months, we will expand the pilot to the rest of the industrial base, as well as other key areas of critical infrastructure.  DISA and industry partners will be crucial to making this initiative work.


The next question is: When -- and how -- will we know if it has?
DoDBuzz