WASHINGTON (Reuters) - Deputy Defense Secretary William Lynn unveiled a new U.S. strategy on Thursday for protecting military computer networks, moving away from a passive defense toward treating cyberspace as an “operational domain” in which trained forces defend against attacks.
Lynn, in a speech at the National Defense University at Fort McNair, said the Pentagon wanted to avoid militarizing cyberspace but at the same time secure strategic networks, both by threat of retaliation and by mounting an effective defense.
“Our ability to identify and respond to a serious cyber attack is ... only part of the strategy. Our strategy’s overriding emphasis is on denying the benefit of an attack,” he said. “If an attack will not have its intended effect, those who wish us harm will have less reason to target us through cyberspace in the first place.”
He said as part of its active defenses, the Pentagon would introduce new operating concepts and capabilities on its networks, such as sensors, software and signatures to detect and stop malicious code before it affects U.S. operations.
“Far from militarizing cyberspace, our strategy of securing networks to deny the benefit of an attack will help dissuade military actors from using cyberspace for hostile purposes,” Lynn said.
He said because the Internet is an open system involving networks operated by many organizations, it was important to include other U.S. agencies, U.S. allies and defense industries in the cyberspace security effort.
“Our responsibility is to acknowledge this new environment and adapt our security instruments to it,” Lynn said. “That is the purpose of the DoD Cyber Strategy. We must prepare.”
Reporting by David Alexander; Editing by Tim Dobbyn