Deputy Defence Secretary William Lynn unveiled a new US strategy on Thursday for protecting military computer networks, moving away from a passive defence toward treating cyberspace as an "operational domain" in which trained forces defend against attacks.
Lynn, in a speech at the National Defence University at Fort McNair, said the Pentagon wanted to avoid militarising cyberspace but at the same time secure strategic networks, both by threat of retaliation and by mounting an effective defence. "Our ability to identify and respond to a serious cyber attack is ... only part of the strategy. Our strategy's overriding emphasis is on denying the benefit of an attack," he said. "If an attack will not have its intended effect, those who wish us harm will have less reason to target us through cyberspace in the first place."
He said as part of its active defences, the Pentagon would introduce new operating concepts and capabilities on its networks, such as sensors, software and signatures to detect and stop malicious code before it affects US operations. "Far from militarising cyberspace, our strategy of securing networks to deny the benefit of an attack will help dissuade military actors from using cyberspace for hostile purposes," Lynn said.
He said because the Internet is an open system involving networks operated by many organisations, it was important to include other US agencies, US allies and defence industries in the cyberspace security effort. "Our responsibility is to acknowledge this new environment and adapt our security instruments to it," Lynn said. "That is the purpose of the DoD Cyber Strategy. We must prepare."