RSA: Pentagon Taking New Approach To Security Threats


The Pentagon is bringing in the big guns to deal with the threat of espionage- and sabotage-related attacks on its networks. Only in this case, the assistance isn't just coming from the military, but from a network security collaboration that also includes the government and private sectors.

In a keynote Tuesday at the RSA 2011 information security conference in San Francisco, U.S. Deputy Secretary of Defense William Lynn III said the Department of Defense (DoD) is in the final stages of developing a new security strategy -- called Cyber 3.0 -- that formally recognizes cyberspace as a new domain for warfare. It's part of the U.S. Cyber Command initiative launched in 2009, which directs the military to defend government networks in the same way as it does the country's land, sea, air and space interests.

"To maintain our national security, our military must be as capable in this new domain as it is in more traditional domains," Lynn told RSA attendees.

The DoD has equipped its network with what Lynn called "active defenses," which use signatures and sensors to help the agency hunt down threats within its own networks, and cordon off and delete malicious software.

Lynn said attackers are stepping up their perusal of government and private sector networks, including electrical grid and financial systems. He noted that while Al Qaeda has yet to unleash its promised attacks on U.S. military and government networks, other groups could buy or develop exploit code and wreak all sorts of havoc. "Looking at the tools that exist today it's clear that this capability already exists," Lynn said.

One way to increase security on government and private sector networks is to adopt military-style protections. The National Cyber Security Division (NCSD), a division of the Department of Homeland Security, works with public, private and international agencies to deal with threats, an effort that includes the use of military technology to secure government networks, Lynn said.

The DoD is working with telecommunications service providers, too, as they have visibility into global networks and can detect attacks transiting their systems. Service providers also have the operational capacity to respond, and the DoD is working with these firms to share critical data, according to Lynn.

But the DoD also wants to learn about how the private sector deals with security threats. On Tuesday, the DoD launched its Information Technology Exchange program, an effort to get senior DoD IT management to incorporate security best practices commonly used in the commercial space. "We want senior IT managers in the department to incorporate more commercial practices," he said.

The DoD also wants to tap into the expertise of security professionals working in the civilian IT world who also happen to be members of the National Guard and Reserves. "It is going to take a public-private partnership to secure our networks. These types of initiatives substantially enhance the government's ability to confront threats," Lynn said.

Lynn said the DoD has learned much from the 2008 breach in which an unspecified foreign intelligence agency used a thumb drive plugged into a laptop at a U.S. post in the Middle East to penetrate classified computing systems.

"It was our worst fear, a rogue program operating on our system and poised to deliver operational plans into the hands of our enemy," Lynn said.