NATO’s Sense of Purpose on Cybersecurity Impresses Lynn

By Jim Garamone

American Forces Press Service

BRUSSELS, Belgium, Sept. 15, 2010 – Deputy Defense Secretary William J. Lynn III said today he is encouraged by the sense of purpose on cybersecurity he has found during his visit to NATO and the Supreme Headquarters Allied Powers Europe.

Lynn told reporters at a media roundtable here that he is encouraged by the response he’s received from NATO members to his presentation on cybersecurity yesterday before the alliance’s North Atlantic Council. The council is made up of the ambassadors to NATO from the 28 member nations.

“It seemed to me to be broadly held that NATO needs to make a strong commitment in this area,” he said, “and I was impressed with that sense of purpose.”

Lynn stressed the need for collective defense in cyberspace and said that NATO is the perfect platform to combat this threat. He spoke to the council as the body is working on the strategic concept that leaders will discuss at a November summit in Lisbon, Portugal, where alliance heads of state will decide NATO’s key priorities.

The alliance understands the need for cybersecurity, Lynn said, and already is moving in that direction. The NATO Cyber Incident Response Center has stood up, he noted, and there are plans to bring it to full operational capability.

“They are in discussions on what the right operational concepts should be in regard to the broader NATO reform effort,” he said, “but I am quite confident that we will see the right organizational structure to address cyber issues post-summit.”

Coming out of the summit, Lynn said, he would like to see a high-level commitment to cybersecurity as a priority for the alliance. He would also like to see progress in the organization constructs that address this threat, he added, and he would like to see growth in capabilities.

The deputy secretary addressed the nature of what collective defense means in the cyber arena.

“The concept of collective defense doesn’t mean you open your networks to every other user,” he said. But it does mean that members share information about attacks and remedies.

“We monitor activities on our networks, and we see threats of different types,” he said. “In a collective defense environment, you share what you see of those threats with your allies. If you develop patches or responses, you share that as well. It doesn’t have to mean that your networks are all linked together.”

The alliance depends on information technology and networks, as all Western militaries do. NATO has joint networks that all allies share, Lynn noted, and that is another argument for good cybersecurity.

“What you have to worry about is that the information on the joint network is subject to the lowest level of security of any of its components,” he said. “So you are trying to raise everybody up, but it’s more to protect the information that is shared jointly, and the collective defense concept is more sharing the threats so you are able to anticipate them more.”

The alliance is also looking at reforming its internal organizations, the deputy secretary said, adding that he believes cybersecurity will gain in prominence as the process moves forward.