Defense Department releases cyber operation strategy

Share this article:

The Department of Defense (DoD) on Thursday released the unclassified version of its first-ever cyberspace operations strategy, but the blueprint comes too late to have prevented a number of past breaches.

Outgoing DoD Deputy Secretary William Lynn revealed during his speech to announce the new strategy that the agency was victimized by a major incident in March, when foreign hackers broke into the computers of an unnamed military contractor and stole 24,000 sensitive Pentagon files.

And attacks against defense networks also have resulted in the loss of data about missile tracking systems, satellite navigation devices, unmanned surveillance drones and jet fighters, Lynn said.

An unclassified summary of the new strategy, outlines how the Defense Department operates in cyberspace -- the fifth warfighting domain, next to land, water, air and space -- and safeguards its networks.  Lynn unveiled the plan Thursday at the National Defense University in Washington.

The report stresses increasing network resiliency and beefing up the U.S. military's cybersecurity capabilities to ensure the Defense Department can operate normally in the event of a major compromise.

“The cyberthreats we face are urgent, sometimes uncertain and potentially devastating as adversaries constantly search for vulnerabilities,” Lynn said in a statement. "Our infrastructure, logistics network and business systems are heavily computerized. With 15,000 networks and more than seven million computing devices, the [Defense Department] continues to be a target in cyberspace for malicious activity.”

Because the Defense Department's release is an unclassified version of the plan, it does not contain full details, according to reports citing Marine Corps Col. Dave Lapan. For example, It does not include any mention of offensive cyber operation plans or state how the department would specifically respond to an attack. The classified report is roughly 40 pages long.

The unclassified portion of the strategy said the department will prepare soldiers for a variety of scenarios, such as "degraded cyberspace operations for extended periods and disruption during a mission."

To bolster the security of its networks, the Defense Department has deployed a system made up of sensors, software and intelligence to detect and prevent intrusions and vulnerabilities in real time. The system is designed to detect and stop malicious activity before it can affect department networks. 

The department added that it plans to constantly evolve its defense mechanisms to respond to the latest threats. It will also enhance its security best practices, deter insider threats and explore new defense mechanisms.

Secretary of Defense Leon Panetta said in a statement that the agency must prepare for increased threats.

“It is critical to strengthen our cyber capabilities to address the cyberthreats we're facing,” Panetta said.

The plan also emphasizes the importance of partnerships with other government agencies, such as the Department of Homeland Security (DHS), as well as the private sector and foreign nations.

“Our success in cyberspace depends on a robust public/private partnership,” said Lynn, the Pentagon's second-highest-ranking civilian, who will vacate his post later this summer. “The defense of the military will matter little unless our civilian critical infrastructure is also able to withstand attacks.”

Last October, the Defense Department and DHS announced plans to align their cybersecurity capabilities to better protect the nation's networks.

The agreement, signed by Gates and Secretary of Homeland Security Janet Napolitano, outlined a framework whereby the agencies can provide cybersecurity support to one another. The alliance was intended to improve collaboration as the two departments carry out their respective cybersecurity missions.

The partnership appears to be an effort to move past previous agency turf wars.

The Defense Department also plans, as part of its new strategy, to build up its roster of civilian and military personnel by creating new programs to attract skilled workers, and  to streamline federal recruitment and hiring processes.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.