DOD sees clear lines of authority for cybersecurity
The Defense Department needs to better coordinate its cybersecurity operations but has no interest in replacing the Homeland Security Department as the primary agency for protecting federal civilian networks, Deputy Defense Secretary William Lynn said today.
The Pentagon's second-highest ranking official said his department is considering a plan to create a cybersecurity command, which would serve as the main point for protecting military (.mil) networks and organizing offensive cyberwarfare capabilities.
"Such a command would not represent the militarization of cyberspace," Lynn said during a speech at the Center for Strategic and International Studies. "It would in no way be about the Defense Department trying to take over the government's cybersecurity effort. On the contrary, such a command would not be responsible for the security of civilian computer networks outside the Defense Department."
He added: "Responsibility for protecting federal civilian networks would remain with the Department of Homeland Security. Likewise, responsibility for protecting private sector networks would remain with the private sector."
Defense Secretary Gates has not made a final decision on creating the Pentagon command, Lynn said. If created, the command would help the administration define "the rules of the road" for Defense Department cyber-operations.
"We need to end the jousting and jockeying within the department for personnel, for resources, for authority that has often prevented a more coordinated and effective response to the cyber threat," Lynn said. "One of the reasons we're looking at a cyber command ... is to unify all aspects of cyber defense, so that you don't separate out offensive, defense, intelligence."
Lynn declined to discuss what kind of offensive cyber activities the Pentagon conducts. But he said it would be "irresponsible to not somehow leverage the undeniable technical expertise and talent that resides at the National Security Agency." Critics fear the NSA's role in cyber operations, given that it helped carry out warrantless electronic wiretapping on U.S. citizens under the Bush administration. But Lynn added, "We can and we will protect our national security and uphold our civil liberties."
One of the most difficult problems, he said, is determining the identity of an attacker. "If attacked in milliseconds, we can't take days to organize and coordinate our defenses," Lynn said. "In short, we have to be just as fast, or faster, than those who would do us harm."
He said the Russian invasion of Georgia last year offered a glimpse of what future war could look like. "During last year's Russian invasion of Georgia, we saw cyber attacks shut down Georgia's government and commercial Web sites," he said. "A military attack alongside a cyber attack is the very definition of hybrid warfare."