Deputy Defense Secretary William Lynn said Tuesday that the U.S. government is "moving aggressively" to counter evolving cyberthreats and is currently in the final stages of a comprehensive cyberstrategy review. The time to act is now while cyberattacks are still "relatively unsophisticated in nature, short in duration, and narrow in scope," he said.

The danger is that powerful cybertools already exist that one day could be deployed by the nation's adversaries to potentially cause severe economic damage, physical destruction, and even loss of life, Lynn said in a keynote address at the RSA security Relevant Products/Services conference in San Francisco.

"We must have the capability to defend against the full range of cyberthreats," Lynn said. "This is indeed the goal of the Defense Department's new cyberstrategy, and it is why we are pursuing that strategy with such urgency."

A New Domain of Warfare

FBI Director Robert Mueller, CIA Director Leon Panetta, and Director of National Intelligence James Clapper have already told the House Subcommittee on Emerging Threats and Capabilities that sophisticated cyberattacks could place the nation's security in jeopardy.

"Each of them said it was very serious," said subcommittee Chairman Mac Thornberry (R-Texas). "In fact, Clapper testified that 'The threat Relevant Products/Services is increasing in scope and scale, and its impact is difficult to overstate.' And our vulnerability is growing because our dependence on cyber Relevant Products/Services is growing in just about every aspect of our lives."

Though the open, transparent and interoperable nature of the worldwide web has endowed it with undeniable dynamism, it has also given attackers a significant advantage that becomes obvious when comparing antivirus software Relevant Products/Services to the malware it attempts to defeat, Lynn said. "Sophisticated antivirus suites now run on about 10 million lines of code, yet malware written with as little as 125 lines of code has remained able to penetrate antivirus software," he observed.

The Defense Department has already formally recognized cyberspace as a new domain of warfare -- like land, air, sea and space, Lynn explained. "Treating cyberspace as a domain means that the military needs to operate and defend its networks, which is why we established U.S. Cyber Command," Lynn told the RSA attendees.

Furthermore, U.S. military services need to be organized, trained and equipped to perform cyber missions. "Each of the services has recently created organizations to do just that," Lynn said. "In short, to maintain our national security, our military must be as capable in this new domain as it is in the more traditional domains."

A Cooperative Effort

Lynn suggested several avenues of industry-government cooperation need to be pursued under the Defense Department's forthcoming Cyber 3.0 strategy. "We need the scientific community to help strengthen our network Relevant Products/Services architecture" even as Cyber 3.0 seeks to foster "the sharing of information" about potential threats between the U.S. government and the private sector.

Lynn also called for the development of active cyberdefenses that "operate at network speed using sensors, software and signatures derived from intelligence Relevant Products/Services to detect and stop malicious code before it succeeds." Moreover, the military's evolving cybercapabilities will need to be built so they can be made available to civilian leaders to help protect Relevant Products/Services the networks that support government operations and critical infrastructure Relevant Products/Services.

"It is clear that securing our networks will require unprecedented industry and government cooperation," Lynn observed. "With the threats we face, working together is not only a national imperative -- it is also one of the great technical challenges of our time."

Cisco Relevant Products/Services Systems Vice President John N. Stewart commented, "Commercial enterprises, such as Cisco, have built a global threat-correlation system that protects both government and enterprise Relevant Products/Services customers alike, here in the U.S. and around the world. We are collaborating today to increase the effectiveness of our defense Relevant Products/Services systems, while private business Relevant Products/Services and law-enforcement organizations are working together to increase the consequences on those committing these crimes."