Sunday, May 1, 2011

Cyber 3.0 - DoD Comprehensive Cyber Strategy to be unveiled soon


We have established the U.S. Cyber Command to operate and defend our networks.  We have begun discussions with our allies on implementing shared cyber defenses.  And we are in the final stages of review of a comprehensive cyber strategy, called Cyber 3.0.

That strategy is based on five pillars. 

First, the Defense Department has formally recognized cyberspace as a new domain of warfare—like land, air, sea and space.  Treating cyberspace as a domain means that the military needs to operate and defend its networks, which is why we established U.S. Cyber Command.   It also means that the military services need to organize, train, and equip forces to perform cyber missions.  Each of the services has recently created organizations to do just that. 

Second, we have equipped our networks with active defenses.  It is not adequate to rely on passive defenses that employ only after-the-fact detection and notification.  We have developed and now employ a more dynamic approach to cyber defense.  Active defenses operate at network speed, using sensors, software, and signatures derived from intelligence to detect and stop malicious code before it succeeds.
Third, we must ensure that the critical infrastructure on which our military relies is also protected.  The threats we face in cyberspace target much more than military systems.  Cyber intruders have already probed many government networks, our electrical grid, and our financial system.  Secure military networks will matter little if the power grid goes down or the rest of government stops functioning—which is why the Department of Homeland Security’s cyber mission is so crucial.

Fourth, we are building collective defenses with our allies.   Just as our air defenses are linked to those of our allies to provide warning of aerial attack, so too can we cooperatively monitor our computer networks for cyber intrusions.

The fifth pillar of our strategy is to marshal our country’s vast technological and human resources to ensure the United States retains its preeminent capabilities in cyberspace, as it does in other domains.  I want to spend the remainder of my time discussing this aspect of the strategy and its implications for private industry.
Cyber 3.0 is an important milestone for our Department.  But even if we execute it flawlessly, the fact is that the government cannot protect our nation alone.

Cyber defense is not a military mission, like defending our airspace, where the sole responsibility lies with the military.  The overwhelming percentage of our nation’s critical infrastructure—including the internet itself—is largely in private hands.  It is going to take a public-private partnership to secure our networks.

Deputy Secretary Bill Lynn's full speech is HERE.

No comments: