Deputy Defense Secretary William Lynn said Tuesday that the U.S. government is "moving aggressively" to counter evolving cyberthreats and is currently in the final stages of a comprehensive cyberstrategy review. The time to act is now while cyberattacks are still "relatively unsophisticated in nature, short in duration, and narrow in scope," he said.
The danger is that powerful cybertools already exist that one day could be deployed by the nation's adversaries to potentially cause severe economic damage, physical destruction, and even loss of life, Lynn said in a keynote address at the RSA security conference in San Francisco.
"We must have the capability to defend against the full range of cyberthreats," Lynn said. "This is indeed the goal of the Defense Department's new cyberstrategy, and it is why we are pursuing that strategy with such urgency."
A New Domain of Warfare
FBI Director Robert Mueller, CIA Director Leon Panetta, and Director of National Intelligence James Clapper have already told the House Subcommittee on Emerging Threats and Capabilities that sophisticated cyberattacks could place the nation's security in jeopardy.
"Each of them said it was very serious," said subcommittee Chairman Mac Thornberry (R-Texas). "In fact, Clapper testified that 'The threat is increasing in scope and scale, and its impact is difficult to overstate.' And our vulnerability is growing because our dependence on cyber is growing in just about every aspect of our lives."
Though the open, transparent and interoperable nature of the worldwide web has endowed it with undeniable dynamism, it has also given attackers a significant advantage that becomes obvious when comparing antivirus software to the malware it attempts to defeat, Lynn said. "Sophisticated antivirus suites now run on about 10 million lines of code, yet malware written with as little as 125 lines of code has remained able to penetrate antivirus software," he observed.
The Defense Department has already formally recognized cyberspace as a new domain of warfare -- like land, air, sea and space, Lynn explained. "Treating cyberspace as a domain means that the military needs to operate and defend its networks, which is why we established U.S. Cyber Command," Lynn told the RSA attendees.
Furthermore, U.S. military services need to be organized, trained and equipped to perform cyber missions. "Each of the services has recently created organizations to do just that," Lynn said. "In short, to maintain our national security, our military must be as capable in this new domain as it is in the more traditional domains." (continued...)