Lynn Outlines Protections for Information

By Samantha L. Quigley
American Forces Press Service

Dec. 4, 2009 - Although information technology enables the Defense Department to make gains in military capabilities, those gains come at a cost, the deputy defense secretary told industry executives in New York. "The Defense Department makes a tempting target," William J. Lynn III said. "We have 7 million computer devices, and each is under threat. This is not a new threat."

Lynn told several hundred Aerospace and Defense Conference attendees Dec. 2 that more than 100 foreign intelligence organizations are trying to hack in to U.S. systems, and foreign governments are developing offensive cyber capabilities. Some already have the capacity to disrupt elements of U.S. information.

Organized criminal groups and hackers are trying to get in on the act as well, he said. They're building global networks of compromised computers and renting them to the highest bidders, in essence becoming 21st century cyber mercenaries.

"So our defense networks are under threat each and every day," Lynn said. "They are probed thousands of times a week. They are scanned millions of times a day, and the frequency and sophistication of these attempts and these intrusions are increasing exponentially."

Because of its importance and the threats against it, the department now formally recognizes cyberspace for what it is: a domain similar to land, sea, air and space, Lynn said.

And just like those other domains, it needs protection. "Just as we need freedom of navigation of the seas, we need freedom of movement online," Lynn said.

The department is working in culture, capabilities, and command to meet the threats against it in cyberspace.

Most of the 90,000 personnel defending the 15,000 networks are not formally certified in information assurance. An expansion of the department's training and certification programs will help to build a "truly world-class cyber workforce," Lynn said.

The creation of a testing ground will allow the department to engage in real-world simulations so it can develop, test, and field new cyber security capabilities.

Also, Defense Secretary Robert M. Gates approved the creation of the Cyber Command as a sub-component of the Strategic Command. It will lead day-to-day defense and protection of all defense networks, Lynn said, while emphasizing its specific focus.

"I want to be very clear about this: Cybercom is not the militarization of cyberspace," he said. "It will be responsible for the DoD's networks – the dot-mil world."

Responsibility for the civilian defense networks, the dot-gov networks, will remain with the Homeland Security Department.

"We're making progress, but we still have a long way to go," he said. Another part of the progress is the president's new office of cyber security. But the question of how to partner with industry remains, he said.

"The cyber domain, unlike land, sea, air and space, is owned primarily by private entities, which operates most of our nation's information infrastructure," Lynn said. "To protect it, the government needs to establish coherent, effective laws and regulations that preserve proprietary information.

"Devising answers to these questions is an enormous challenge," he added.

Also working on these challenges for the government, business partnerships in particular, is Robert J. Butler, the deputy assistant secretary of defense for cyber and space policy. He participated in the Armed Forces Communications and Electronics Association International town hall Dec. 3, to close the organization's "Solutions Series" conference.

"Within my arena, [Office of the Secretary of Defense] policy, we have three primary goals," he said. "One is to provide guidance within the department, working for the secretary ... to find ways that we can build those organizational relationships within the government, and then the international partnerships."

He agrees with Lynn that the effort to meet cyber threats fall into the "three Cs" -- culture, capability and command.

"I spend a fair amount of my time really working with lots of different groups on the education process," he said. "I see that as a huge issue. I would encourage, and I'm certainly excited and enthused, [about] what AFCEA has been doing through this [AFCEA Solutions] series."

The town hall concluded the two-day conference, "Cyberspace at the Cross Roads: The Intersection of Cyber, National and Economic Security."

The purpose of the conference, held in Virginia, was to further the dialogue between government and the private sector on key policy and technology barriers limiting the ability to combat threats.