HomeFeaturesSnapshots › The Pentagon's Cyberstrategy, One Year Later

The Pentagon's Cyberstrategy, One Year Later

Defending Against the Next Cyberattack
William J. Lynn III
September 28, 2011
Article Summary and Author Biography

More destructive cyberweapons are being created every day, and an increasingly sophisticated technology black market virtually guarantees that they will eventually land in the hands of the United States' enemies. Robust defenses are no longer a luxury, they are a necessity.

WILLIAM J. LYNN III is U.S. Deputy Secretary of Defense.

Print Email
Login or Register to leave a comment.

Sign-up for free weekly updates from ForeignAffairs.com.
Essay
Defending a New Domain
William J. Lynn III

Right now, more than 100 foreign intelligence organizations are trying to hack into the digital networks that undergird U.S. military operations. The Pentagon recognizes the catastrophic threat posed by cyberwarfare, and is partnering with allied governments and private companies to prepare itself.

For almost all of human history, man has waged war on land and at sea. Air and space emerged as potential battlefields only in the past few generations. Now, the danger of cyberwarfare rivals that of traditional war. The advent of more destructive technologies -- and of their inevitable proliferation among actors willing to use them -- means that the United States must strengthen its critical national networks against ever worse threats.

In "Defending a New Domain" (September/October 2010), I announced that the Pentagon had officially recognized cyberspace as an operational domain and went on to describe the military's cyberstrategy. One year later, U.S. military networks are better defended, the U.S. Cyber Command is fully operational, and we have made progress working with private industry to secure critical infrastructure. Meanwhile, the Obama administration has committed half a billion dollars to develop advanced defensive technologies, including novel approaches to improving network security. But much remains to be done, and the window for doing it is short.

CYBERCONFLICT

Our assessment is that cyberattacks will be a significant component of future conflicts. Over thirty countries are creating cyber units in their militaries. It is unrealistic to believe that each one will limit its capabilities to defense. Moreover, the centrality of information technology to the U.S. military and society virtually guarantees that future adversaries will target it.

A burgeoning market for cybercrime services, with settled price lists for botnet rentals and denial-of-service attacks, already exists in the murky underworld of organized crime.

The United States is now in the midst of a strategic shift in the cyberthreat. Until now, intrusions have largely been for the purpose of exploitation: stealing intellectual property from commercial networks or spying on the government. There have also been disruptive cyberattacks, for example on Estonia, in 2007, and Georgia, in 2008. In a development of extraordinary importance, cyber technologies now exist that are capable of destroying critical networks, causing physical damage, or altering the performance of key systems. In the twenty-first century, bits and bytes are as threatening as bullets and bombs.

The cyberthreat is also intensifying in a second direction: toxic technologies are proliferating among actors willing to use them. At present, sophisticated cyber capabilities reside almost exclusively in the hands of advanced nation states. For them, U.S. power -- both military and cyber -- is a strong deterrent. Although attribution of a cyberattack is difficult, the risk of discovery is likely too great for a major nation to mount a major attack. But circumstances can change. The United States must guard against the possibility of a future adversary who is not deterred from launching a cyberstrike.

Terrorist groups and rogue states must be considered separately. With few assets the United States can hold at risk, they are more willing to provoke. To advance their radical agendas, they are intent on acquiring, refining, and expanding their cyber capabilities. A burgeoning market for cybercrime services, with settled price lists for botnet rentals and denial-of-service attacks, already exists in the murky underworld of organized crime. If a terrorist group does obtain destructive cyberweapons, it could strike with little hesitation. Faced with these threats, the United States must guard against both a cyber Pearl Harbor, as Secretary of Defense Leon Panetta has warned, and the possibility of a cyber 9/11. Indeed, Panetta recently noted how the disruptive effects of a cyberattack may well be worse than 9/11 and Pearl Harbor combined.

In short, more destructive tools are being created every day, but have not been widely used. Similarly, the most malicious actors have not yet obtained the most harmful technologies. But this situation will not hold forever. There will eventually be a marriage of capability and intent, where those who mean to harm the United States will gain the ability to launch a damaging attack. The United States must develop stronger defenses before this occurs.

To meet this growing threat, the Department of Defense developed a strategy for operating in cyberspace that has five pillars: treating cyberspace as an operational domain, like land, air, sea, and outer space; employing active defenses to stop malicious code before it affects our networks; protecting commercial networks that operate the critical infrastructure that our military relies upon; joining with allies to mount a collective cyberdefense; and mobilizing industry to redesign network technology with security in mind. (The strategy is available at www.defense.gov/cyber.)

CRITICAL INFRASTRUCTURE

Display on a Single Page

Related

Essay, Sep/Oct 2010
Defending a New Domain
William J. Lynn III

Right now, more than 100 foreign intelligence organizations are trying to hack into the digital networks that undergird U.S. military operations. The Pentagon recognizes the catastrophic threat posed by cyberwarfare, and is partnering with allied governments and private companies to prepare itself.

Read
Essay, Mar/Apr 1996
America's Information Edge
Joseph S. Nye, Jr. and William A. Owens

The American century, far from being over, is on the way. The information revolution, which capsized the Soviet Union and propelled Japan to eminence, has altered the equation of national power. America leads the world in the new technologies. Its emerging military systems can thwart any threat. On the "soft-power" side, it projects its ideals and other countries follow. To prevent an information race, America must share its lead; to preserve its reputation, it must keep its house in order.

Read
Essay, Jan 1954
Radar Defense Today--and Tomorrow
Sir Robert Watson-Watt

RADAR is now such a well-advertised secret that no one, physicist or publicist, stops to tell the simple citizen the simple facts about it--how it works, what it does easily, what it can do only with difficulty if at all, how it may be better used, how it may be frustrated. Yet all this can be put in civilian English without coming anywhere near the limit of what is recorded in military Russian. Radar is at once a science and an art, at once a process, a device and a system. What it achieves depends only in part on physics.

Read