The Defense Department finally released its white paper on cybersecurity on Thursday, and it does not treat the notion of online warfare lightly. That's understandable given a recent rash of attacks against the Pentagon and military contractors. When discussing the plan with the press, Deputy Defense Secretary William J. Lynn III revealed that 24,000 sensitive Pentagon files were stolen by "foreign intruders" in March, one of the worst cyber assaults in history. But that's not all. Lynn says these kinds of attacks have been happening for years.
"It is a significant concern that over the past decade, terabytes of data have been extracted by foreign intruders from corporate networks of defense companies," Lynn said, explaining how attacks target "our most sensitive systems, including aircraft avionics, surveillance technologies, satellite communications systems, and network security protocols."
The report itself divides that Defense Department plan into five strategic initiatives that emphasize defensive strategies rather than combative tactics. It calls on the Pentagon to "treat cyberspace as an operational domain to organize, train, and equip" Defense Department workers and innovate upon its idea of defense. In doing so, the Defense Department will "partner with other U.S. government departments and agencies and the private sector" as well as "build robust relationships with U.S. allies and international partners to strengthen collective cybersecurity." There's even a NASA-style coda that says we should "leverage the nation's ingenuity through an exceptional cyber workforce and rapid technological innovation."
Lynn took care to address privacy concerns right away--perhaps because of backlash from the National Security Agency's recent announcement about monitoring commercial internet providers:
The U.S. government is not monitoring, intercepting, or storing any private sector communications… Rather, threat intelligence provided by the government is helping the companies themselves, or the Internet service providers working on their behalf, to identify and stop malicious activity within their networks.
Lynn also insists that the new war domain is not the same as a battlefield:
This emphasis on cyberdefenses illustrates how we are both mindful of those who would do us harm using cyber means, but also committed to protecting the peaceful use of cyberspace. Far from "militarizing" cyberspace, our strategy of securing networks to deny the benefit of an attack will help dissuade military actors from using cyberspace for hostile purposes. Indeed, establishing robust cyberdefenses no more militarizes cyberspace than having a navy militarizes the ocean. This commitment to peace through preventive defense is at the heart of our DoD Cyber Strategy and the Administration's overall approach to cyberspace.
All that said, if you weren't scared of hackers already, you should be now. Even with the latest plan, we've been noticing that they've historically been pretty ambivalent about how to fight in a cyber war.