Because the US military is restricted from certain domestic operations, it is working in partnership with the Department of Homeland Security and private sector partners to lend its expertise to protect US critical infrastructure – providing to both the signatures and systems that help identify malicious software. Punctuating that point, Mr. Lynn noted in his speech a serious, previously unknown intrusion in March into a defense contractor’s network that netted 24,000 files.
• International Defense Building. This fourth pillar lays out expectations that the US will build “collective cyberdefenses” with international partners and allies, including NATO, expanding awareness of malicious software attacks.
• Training and Technology. The fifth pillar aims to ramp up training of defense personnel. The idea is to weaken the advantage cyberattackers enjoy due to anonymity on the Internet and generally porous defenses in society.
With DoD operating more than 15,000 networks and seven million computing devises in installations around the world, the target is huge. So the Pentagon is seeking some technological fixes to shift the field away from attackers, the strategy document indicates.
Though not in the document, the Defense Advanced Research Projects Agency (DARPA) recently announced work on new computer systems that adapt on the fly to attacks to increase resilience. Add to that new encryption technology that prevents data from becoming visible or vulnerable to an attacker.
Alan Paller, research director for the Sans Institute, a Washington-based cybersecurity education organization, says he especially likes pillars two and five – protecting critical infrastructure and ramping up procurement.