Accessibility links

Pentagon Unveils New Offensive Cybersecurity Strategy

  • RFE/RL

The United States' new cyberdefense strategy focuses more on aggressively deterring hackers.

The United States' new cyberdefense strategy focuses more on aggressively deterring hackers.

The U.S. military has unveiled a new, offensive strategy for protecting its computer networks against digital attacks, announcing that it had suffered one of the worst hacker attacks in its history in March.

It said the breach took place when a foreign intelligence agency penetrated the computer system of a corporate contractor and stole 24,000 Pentagon files in a single attack. The name of the agency, the U.S. military contractor, and the nature of the data stolen were not revealed.

Deputy Defense Secretary William J. Lynn III disclosed the attack on July 14 as he released the new cyberdefense strategy, which would shift the military's previous, passive defense of its computer systems to one in which cyberspace is seen as an "operational domain" where U.S. forces would train to protect against attacks.

Speaking at the National Defense University, Lynn said the Pentagon must be prepared to respond to hostile acts in cyberspace just as on "land, air, and sea."

Military Response

"Accordingly, the United States reserves the right, under the laws of armed conflict, to respond to serious cyber attacks with a proportional and justified military response at the time and place of its choosing," he added.

Lynn called the change a "strategic shift," saying current measures have failed to stop the loss of sensitive information. He said the new "dynamic defense" would seek to deter potential attackers by searching for them on the Internet instead of waiting for an attack.

He maintained that the strategy would prepare the military for a threat that was still evolving, saying the United States wants to avoid militarizing cyberspace, but plans to secure strategic computer systems with the threat of retaliation.

"This strategy holds that our posture in cyberspace must mirror the posture we assume to provide security for our nation overall," Lynn said. "Namely, our first goal is to prevent war. We do this in part by preparing for it."
"Keystrokes originating in one country can impact the other side of the globe in the blink of an eye."

The attack in March illustrates the growing difficulties the Pentagon faces protecting the vast computer networks, including private ones, on which it relies.

Bits And Bytes As Dangerous As Bullets And Bombs

Lynn indicated that the new strategy was prompted by the appearance of new tools hackers can use to destroy "critical networks."

"As a result of this threat, keystrokes originating in one country can impact the other side of the globe in the blink of an eye," he said. "In the 21st century, bits and bytes can be as threatening as bullets and bombs."

Lynn said the Pentagon will introduce new operating concepts and capabilities for its computer networks, including sensors and software that would detect malicious code before it affects U.S. operations. It would also enable military computer networks to recover more quickly from attacks.

Speaking to reporters before Lynn's speech, General James Cartwright, vice chairman of the Joint Chiefs of Staff, said the 90 percent of the current strategy concentrated on building firewalls and only 10 percent focused on deterring hackers. That strategy, he suggested, was inadequate.

"If it's OK to attack me, and I'm not going to do anything other than improve my defenses every time you attack me," he said, "it's very difficult to come up with a deterrent strategy."

The new strategy is the final part of a drive by the Obama administration to protect military computer systems run by the government and private companies. It calls on the military to boost cooperation with other government agencies as well as U.S. allies abroad.

More Than $1 Trillion In Economic Losses

The U.S. military operates more than 15,000 computer networks and 7 million computers around the world.

Lynn said the networks are attacked millions of times a day, and that terabytes of data have been stolen from military and defense company computer networks over the past decade. Thefts have included plans for missile-tracking systems, surveillance technology, satellite communications systems, and aircraft avionics.

He estimated economic losses at more than $1 trillion.

Lynn said the cybertheft last March targeted a contractor developing weapons systems, and that the Pentagon has a "pretty good idea" who stood behind it. Previous cyberattacks have been blamed on Russia and China.

with agency reports