DOD suffers millions of attempted hacks every day, unveils new cyber plan
Last March, a total of 24,000 files containing Department of Defense information were stolen by a "foreign intelligence service" in a hack of a defense contractor, Deputy Secretary of Defense William J. Lynn III and the American Forces Press Service revealed on Thursday.
Details about the attack, such as who the victim was, and the type of data that was stolen, were not disclosed. This is because Deputy Secretary Lynn was simply using the figure to underscore the importance of data security in the new Department of Defense Strategy for Operating in Cyberspace, which was unveiled today.
The new five-pillar strategy reveals that "DoD networks are probed millions of times every day, and successful penetrations have led to the loss of thousands of files from U.S. networks and those of U.S. allies and industry partners," and that threats are constantly evolving.
The DoD's three main areas of concern for security are: data theft and exploitation; disruption or denial of service attacks that block government networks and information; and the general destruction (including corruption, manipulation, and degradation) of networks and connected systems.
So the plan outlines five specific initiatives to prevent any of those occurrences. First, the Department of Defense will now treat the Internet in the same way as it treats air, land, sea, and space. Just as the Department of Defense has agencies that serve each of those domains, it now has one to serve cyberspace, USCYBERCOM, which formed in 2009 as a sub-unit of the Secretary of Defense's USSTRATCOM.
According to this pillar of the plan, "DoD will fully integrate a complete spectrum of cyberspace scenarios into exercises and training to prepare U.S. Armed Forces for a wide variety of contingencies. A cornerstone of this activity will be the inclusion of cyber red teams throughout war games and exercises."
The second initiative is to put new defense solutions into place on DoD networks and systems, including improved best practices, better "cyber hygiene," better internal accountability and monitoring, and new, more security-oriented computing architectures.
The third initiative is to partner with other government bodies such as the Department of Homeland Security, and the Defense Industrial Base as well as the private sector (read: ISPs) to employ a single cybersecurity strategy that covers the whole government.
The fourth initiative is to strengthen the security of allies and international partners to minimize vulnerability. This will involve improved communication, situational awareness, and warning capabilities to prevent the spread of malicious code and close vulnerabilities more quickly.
Finally, the fifth initiative is to build a more tech-oriented workforce, which it says is "of paramount importance" to the DoD. In short, the Department of Defense is going to try to mimic the private tech sector. This means early recruitment of young talent, better education and training of professionals, faster adoption of new technology, incremental deployment of new tech rather than huge monolithic rollouts, and dynamic oversight based upon a system's priority.
The key element is that counterattack and retaliation are simply not options. In Internet security, it's attack and defend, so the "thrust of the strategy," Lynn said, is to be defensive, dynamic, and robust.