WASHINGTON — The Pentagon is revealing that it suffered one of its largest-ever losses of sensitive defense data this spring to a cyber attack that it blames on an unspecified foreign government.
The loss is an example of why the Pentagon has developed new cyber security rules that emphasize deeper defenses, more collaboration with private industry and new steps to stop thefts by malicious insiders.
William Lynn, the deputy secretary of defense, said in a speech outlining the new strategy that 24,000 files were stolen from a defense industry computer network in a single intrusion in March. He offered no details.
In an interview, Lynn said the Pentagon has a good idea who made the attack but he would not offer details. He said it was by a nation rather an individual.
Lynn unveiled the strategy for defending military computer networks and responding to growing threats in cyberspace.
The Pentagon is moving away from a passive defense of its computer networks to treating cyberspace as an “operational domain,” in which trained military forces defend against attacks.
In a speech at the National Defense University at Fort McNair, Deputy Defense Secretary William Lynn said the increasing dependence on information technology virtually guarantees future enemies will target the Pentagon’s reliance on computer networks for military operations.
“Our assessment is that cyber attacks will be a significant component of any future conflict, whether it involves major nations, rogue states or terrorist groups,” Lynn said.
Lynn said tools capable of disrupting or destroying critical networks and causing physical damage exist today, making a strategic shift in the ever evolving danger in cyber space. “As a result of this threat, keystrokes originating in one country can impact the other side of the globe in the blink of an eye. In the 21st Century, bits and bytes can be as threatening as bullets and bombs,” Lynn said.
Lynn revealed that earlier this year a foreign intelligence service stole 24,000 computer files from a defense contractor developing systems for the U.S military.
Lynn said a nation state was behind the theft, but declined to identify which country was involved.
In a new pilot program, the Pentagon is sharing classified threat intelligence information with a handful of companies to help them identify and block malicious activity.
The strategy outlined by Lynn is oriented toward defensive rather than offensive measures. “Far from militarizing cyberspace, our strategy of securing networks to deny the benefit of an attack will help dissuade military actors from using cyberspace for hostile purposes,” Lynn said.
Lynn said substantial progress has been made working with private industry and other government agencies to make critical infrastructure more secure.
He said the Pentagon is also working with allies and international partners to build collective cyber defenses. “These active defenses use sensors, software, and signatures to detect and stop malicious code before it affects our operations, thereby denying the benefit of an attack,” Lynn said.
Lynn said it is not clear how much damage digital thievery has done to U.S. economic competitiveness and national security, but he said a recent estimate put cumulative economic losses at over $1 trillion.
© All Rights Reserved.