Lynn Wants Halt to Cyber Sniping

Bot-nets, internet-zombies, industrial spies, and cyber-mercenaries attack U.S. networks every day in the ongoing 21st century cyber war, said Deputy Defense Secretary William Lynn. Defense networks are probed “thousands” of times a day and the frequency and sophistication of those attacks are increasing exponentially.

“This is not some future threat, the cyber threat is here today,” Lynn said, speaking yesterday at CSIS in Washington. “The cyber threat to DOD represents an unprecedented challenge to our national security by virtue of its source, its speed and its scope.” Defeating cyber enemies will require developing an agile and nimble cyber “maneuver warfare” response, not a “digital version of the Maginot Line.”

The power to disrupt and destroy power grids and other critical infrastructure, once the exclusive province of nation states, is now in the hands of small criminal and terrorist networks and even individuals. Some countries are developing offensive cyber weapons and more than 100 “foreign intelligence organizations” are trying to hack into U.S. networks, he said. Criminal groups infect thousands of computers around the world with viruses that give them control of all of them in one massive “bot-net,” which they then lease out to the highest bidder to wield against vulnerable networks. Attacks are up against defense contractors, Lynn said, and “major aerospace platforms” have experienced intrusions that have compromised sensitive, but not classified, information.


To counter cyber attacks that can strike in milliseconds, the military must detect and respond to attacks at “network speed,” before networks are compromised, he said. Billions of dollars are spent annually to harden networks against attack, he said, but static firewalls are not enough. To outmaneuver opponents in cyberspace, DOD is building a cadre of cyber experts, and is tripling the number of experts it trains each year to 250 people. DARPA is also building a “national cyber range,” in effect a model of the internet, Lynn said, to permit development and testing of new cyber defenses and weapons.

“We need to end the jousting and jockeying within the department for personnel, for resources, for authority that has often prevented a more coordinated and effective response to the cyber threat.” To that end, the Pentagon is mulling creation of a new “subordinate unified command” under Strategic Command, the lead command for cyber defense. Lynn said that although Gates has yet to make a final decision on the structure of the command, “it would not represent the militarization of cyber space.” The new command would only be responsible for protecting networks in the dot-mil domain, not the private sector.

Lynn said the military is still struggling with issues such as the “difficulty of attribution”: how to deter cyber attacks when the identity of the attackers in cyberspace is rarely known and massive bot-nets span multiple countries. Some cyber attacks have been traced back to China, he said, but the military has been unable to determine whether it was an individual, a criminal organization or the Chinese government.

Join the Conversation

Why not make a 2nd internet within the military (and other Government installations) that has no connection to the actual internet to solve the problem? The only way a hacker could enter the system then is to be on a military computer. Right?

Or am I missing something?

Internet2 is a reality. It is for the education community. Yes, you may be missing something. Penetration into a new internet would take time but the potential is still there. The solution is ingrained in the perfection of known network security measures and the creation and implementation of new security measures.

Security solutions are available. Tools and space to go after the “Bad Guys” is what we need!

There are already multiple military and government networks that are totally separate from the main Internet and each other. The most prevalent ones are for different classification levels.

The problem is that by doing this you are removing your users from the internet as a whole, which has some disadvantages.

The military folks that work in Iraq and Afghanistan will tell you horror stories about needing to remember 15 (or more!) different sets of passwords/logons to access the info needed to do the mission, and many times having to log in/out of networks to get different pieces of data. And of course you can’t easily combine and transfer the data between these networks since they are all airgapped and USB keys and floppies are banned.

Passwords? Should they be using their CAC/PIV credentials for authentication?

As I read this, I’m thinking only 250 new people per year and that’s a tripling! What have these guys at the DOD been doing since 1984?

“To outmaneuver opponents in cyberspace, DOD is building a cadre of cyber experts, and is tripling the number of experts it trains each year to 250 people.”

Enough Said!

I guess my point above is why are we not training 2500 folks per year.

Single point authentication which consists of BIO markers may help.

250 for the managerial staff is good for starters. The NSA could help with this issue.

Read “Body of Secrets” or Scan to the back of it. The book has interesting data.

Think About This Before You Do Anything. We Already Have The Equipment You All Are Talking About. If We Didn't We Wouldn't Be Talking To OPs ALL OVER THE WORLD. But We Have a Problem!!!! Our OPs Even Personnel Has This Stuff In IRAQ AFGHANISTAN. We Are Losing This Off Humvees/Tanks And That's Laptops, A LOT OF THEM, That the TALIBAN Has Got Their Hands On And Knows All Of Our Information To Get Into the Laptops, Battle Plans, Every Person From President Down To PVT, Where They Are, Their Family Is, etc. So Really Either Way Military Or Civilian This Is Going To Happen Until They Can Police And Stop Both Sides From Losing Equipment and Personnel Not Having The Right Security Internet Suite. And More PPL Help

Once again I must point out that as long as we rely on a Windows based infrastructure we are at risk.

It’s the screen door on a submarine.

I work IT and I see more and more USG departments are slowly switching to the Mac platform because it is the most secure OS right out of the box and with a little tinkering it is damn near bomb proof.

There’s nothing special about Apple’s OS that makes it safer than Windows; a buffer overrun is a buffer overrun, and Macs use TCP/IP same as anyone else does. Macs only appear safer because they’ve got such a small market share; as soon as it’s worth bothering, people will attack them.

And if you think that the actual info-ops people don’t have procedures in place to attack Macs, then you’re out of your mind.

The only way to keep a system safe from intrusion is to put it in a welded steel box with its own internal power supply.

DenseD1ckhead, your attempt at the use of technical terms is laughable at best and the security of the Mac OS has nothing to do with “buffer overrun,” but with the special type of UNIX kernel that is at the core of the OS.
Sure “info-ops people” try to break into our GO’s Mac banks, but they never get anywhere.
As for the Windows computers…they are a real headache and that’s why they are being phased out.
Do your homework before you post!!!

The problem with cyber security is more the user than the operating system. There is nothing special about Macs that make their users less vulnerable to phishing or social engineering, which is the source of most successful cyber-attacks that result in stolen information.

Alex, once again I must say that if you knew the difference between the two OSs and how things work in the real world your outlook would be much different.
These “cyber attacks” are successful because of flaws in the Windows Operating System. Get it? Windows is the open door they look for because it has so many ways to get in, force a way in, bust in and so on. That’s why it’s so vulnerable and the bad guys know that and have for years.
The only way to fix it is to ditch the whole thing and start from scratch. But Microsoft won’t do that and keeps building on something it’s not willing to outright fix.
Now I agree with you on the phishing aspect of the problem, however in a work environment such as ours we teach our users (engineers, scientists and whatnot) what to do and not to do far above and beyond the casual Mac user and we monitor them and the network.
We just shrug off the attacks and report forward the logs.
The casual user is vulnerable to phishing or “social engineering” no matter what platform they use.
The fact that gullible people will do stupid things has always been a fact of life.
