
The Pentagon's cyberdefenders get a hopeless mission
In the current issue of Foreign Affairs, Deputy Defense Secretary William Lynn reveals Operation Buckshot Yankee, the Pentagon's effort to counter what Lynn terms "the most significant breach of U.S. military computers ever." In 2008, a foreign intelligence service, which Lynn doesn't identify, slipped malicious software code onto a flash drive. This flash drive was subsequently inserted into a U.S. military laptop computer in the Middle East, spreading an infection across both classified and unclassified Defense Department networks. The infection was designed to extract information from these networks and deliver it back to the foreign intelligence service. Lynn describes the Pentagon's response to this incident as "a turning point in U.S. cyberdefense strategy" and a catalyst for wide-ranging reforms.
According to Lynn, more than 100 foreign intelligence organizations are attempting to break into U.S. networks. Lynn believes that a dozen determined hackers, if they found a vulnerability to exploit, could steal the U.S. military's plans, blind its intelligence systems, or disrupt its military operations. On the current cyber battlefield, offense is dominant, with U.S. cyberdefenders constantly lagging behind.
Lynn states, "[T]he United States cannot retreat behind a Maginot Line of firewalls or it will risk being overrun." In this case, the threat of punishing retaliation doesn't apply -- cyber attackers hide their identities and mask the origins of their attacks.
The U.S. government's first response has been to get organized. The military's cyber operations have been collected into a Cyber Command, purposely co-located with the National Security Agency (NSA). Next, the Pentagon has extended its cyber expertise to its network of essential outside contractors and to critical civilian infrastructure that the Pentagon requires for its operations. Finally, the Pentagon is establishing cyber defense alliances with the Department of Homeland Security and selected foreign allies.
These are all logical steps that the government always takes when it faces a new persistent problem. Yet by Lynn's description of the problem, the Pentagon faces an unending siege on terms very unfavorable for those responsible for its cyber defense. Lynn and his colleagues are placing their hopes on an improved model of "active defense." In addition to standard computer "hygiene" (anti-virus software and firewalls), the Pentagon now works with the NSA's signals intelligence capabilities to anticipate intrusions, classify them when detected, prevent them from making a penetration, and if all else fails, chase down and quarantine threats after they make it inside.
Although Lynn disparages a defensive Maginot Line mentality, the "active defense" he describes sounds like soldiers forever on the ramparts. Lynn aims to deter hackers by denying them the benefits of an attack. But as long as there is no cost for attacking, there is no reason to stop trying. Lynn and his colleagues hope that better cooperation within the U.S. government, and with the technology industry, computer researchers, and foreign allies, will ensure that the United States maintains its technological edge and thus the success of its cyber defenses. Regrettably, in spite of these resources, the U.S. faces a whole world of intruders and should not count on any enduring qualitative advantage over its adversaries. And that world of intruders can keep attacking without cost or risk until they slip by the defenders.
What is the answer? Lynn describes it near the end of his article: "[The Defense Advanced Research Projects Agency (DARPA)] is also challenging the scientific community to rethink the basic design of the Pentagon's network architecture so that the military could redesign or retrofit hardware, operating systems, and computer languages with cybersecurity in mind." In other words, the Pentagon and its supporting infrastructure should leave the current cyber battlefield that so favors its adversaries. Instead of using commercial off-the-shelf computer hardware, software, and standard Internet protocols, the Pentagon would design and install customized and exclusive systems (at least for its classified and operational applications) that would deliberately be incompatible with the rest of the Internet.
The U.S. government has a perfectly horrible record at efficiently executing large computer projects. Such an effort to overhaul the Pentagon's computer systems would be the largest, costliest, and most complicated yet. It is thus understandable that Lynn and his colleagues would prefer to give their less-costly active defense approach a try. But this decision also leaves in place the structure that gives enduring advantages to the Pentagon's cyber adversaries. Active defense and truly isolating the Pentagon from the rest of cyberspace are not mutually exclusive efforts. While DARPA works on cutting off the Pentagon from the rest of the world, the Pentagon's cyber warriors will get no sleep defending the fort.