WASHINGTON — Land, air, sea, space — now cyberspace. The Department of Defense Thursday released its first-ever “Strategy for Operating in Cyberspace,” and private companies are being called to service.
“Everybody is on the frontline,” Deputy Secretary of Defense William J. Lynn III said at an official announcement detailing the new cybersecurity plan at the National Defense University.
The strategy, called the first unified plan incorporating DOD’s military, intelligence and business operations, lays out five pillars for defending against cyber attacks. Several of those pillars specifically address civilian help. Defense contractors and Internet service providers are expected to play an integral role in cyber defense.
Gen. James Cartwright, vice chairman of the Joint Chiefs of Staff, called the strategy a way “to build a layering for defense strategy awareness.”
Gen. James Cartwright (left) and Deputy Secretary of Defense William J. Lynn discuss the new cybersecurity plan of the Defense Department (Bob Spoerl/MNS)
As part of the strategy, the Pentagon created a 90-day pilot program involving AT&T, Verizon Communications and Century Link , the Internet service providers to a handful of defense contractors. They are given access to classified defense information to help protect against attacks by cyber hackers. After the program ends this summer, the Defense Department would like to expand its civilian cyber security base to allow dozens of companies to participate.
The pilot comes a few months after a March 24 cyber attack against an unnamed defense contractor company. Some 24,000 of that company’s files, ones that contained military secrets, were hacked into. The Defense Department won’t say who or what group was responsible.
In May, defense contract company Lockheed Martin Corp. faced cyber attacks of an unknown magnitude.
The Center for Democracy & Technology, a surveillance security watchdog, is optimistic that the information shared with defense-related companies will lead to more thorough Internet security.
“It breaks a logjam that has been in place and that could have led to Department of Defense monitoring networks itself,” center lawyer Greg Nojeim said.
As a result of the Defense Department pilot program, Internet providers now have access to classified signatures, which would better defend networks, Nojeim said. The only concern is how the private companies will share information with the Defense Department and the Department of Homeland Security.
“The flow back to the government hasn’t been described,” Nojeim said. “You want to avoid a back-door wiretap.”
Cyber exploitation in the form of fraud and intellectual property theft has cost the nation some $1 trillion, according to the Defense Department.
“Blunting our edge in military technology and enabling foreign competitors to copy the fruits of our commercial innovation has a deeply corrosive effect over the long-term,” Lynn said.
Thursday’s cybersecurity announcement may spur defense technology innovation. The Defense Department announced it would commit $500 million to research. However, it doesn’t know how Defense will fund long-term cybersecurity initiatives, especially the part of the plan that mixes private and public safety concerns.
“The legal policy framework as well as the business model here are challenges,” Lynn said.