The US Department of Defense announced in a press release today that it has created a DoD Strategy for Operating in Cyberspace (DSOC). You can download the 19-page PDF and view the Strategy for yourself.
The document covers 5 strategic initiatives the DoD hopes to bring to their use and reliance on technology:
- Treat cyberspace as an operational domain to organize, train, and equip so that DoD can take full advantage of cyberspace’s potential
- Employ new defense operating concepts to protect DoD networks and systems
- Partner with other U.S. government departments and agencies and the private sector to enable a whole-of-government cybersecurity strategy
- Build robust relationships with U.S. allies and international partners to strengthen collective cybersecurity
- Leverage the nation’s ingenuity through an exceptional cyber workforce and rapid technological innovation
The Strategy was announced yesterday and introduced by Deputy Secretary of Defense William J. Lynn, III. You can read the full text of the speech.
Recalling a recent cyber attack in March where 24,000 files were stolen, Lynn announced that the DoD has been working on a pilot program to protect the DoD and defense contractor’s networks.
Toward that end, the Department of Defense, in partnership with DHS, has established a pilot program with a handful of defense companies. This program provides these companies with more robust protection for their networks. In this Defense Industrial Base—or DIB—Cyber Pilot, classified threat intelligence is shared with defense contractors or their commercial internet service providers along with the know-how to employ it in network defense. By furnishing this threat intelligence, we are able to help strengthen these companies’ existing cyber defenses.
In this way, the DIB Cyber Pilot builds off existing capabilities that are widely deployed through the commercial sector. By leveraging infrastructure that already exists, the pilot suggests we can provide substantial additional protections across our critical infrastructure for only a fractional increase in cost.
In the DIB Cyber Pilot, the U.S. government is not monitoring, intercepting, or storing any private sector communications. Rather, threat intelligence provided by the government is helping the companies themselves, or the internet service providers working on their behalf, to identify and stop malicious activity within their networks. The pilot is also voluntary for all participants.
Although we are only beginning to evaluate the effectiveness of the pilot, it has already stopped intrusions for some participating industry partners. And through the information sharing the pilot promotes, we not only halted intrusions. We also learned more about the diversity of techniques used to perpetrate them.
The DIB Cyber Pilot breaks new ground in recognizing the interconnectedness of cyber and the important role of stakeholders in thwarting attacks. We have much to do to protect our critical infrastructure from sophisticated intrusions and attacks. But by establishing a lawful and effective framework for the government to help operators of critical infrastructure defend their networks, we hope the DIB Cyber Pilot can measurably enhance the security of our nation’s critical infrastructure.
Perhaps the DIB Cyber Pilot was what was used in May when Lockheed Martin revealed that they were able to stop an attack on their network. Will the technology for this pilot program start creating nation-state borders on the Internet? Although they pre-empt any questions of monitoring, intercepting, or storing private sector communications, it can’t help but make you a little paranoid that maybe it’s possible.
For more informationon the DSOC, see these articles from Defense.gov:
- DOD Releases First Strategy for Operating in Cyberspace
- Lynn: Cyber Strategy’s Thrust is Defensive