Deputy Secretary of Defense William J. Lynn III, in a speech on September 15, 2010, in Brussels, Belgium:
“To facilitate operations in the cyber domain, we have created a four-star command, the U.S. Cyber Command. A single chain of command runs from Cyber Command to individual units around the world, enabling it to oversee all cyber operations and to direct the training and equipping of our force.
The second pillar of our strategy is to employ defenses that can respond to attacks at network speed.
In cyber, milliseconds can make a difference. So we have deployed a unique defensive system that includes three overlapping lines of defense. The first two are based on commercial best practices. One is just ordinary hygiene: downloading the patch to keep your software up to date, and making sure your firewalls are operating. A second uses intrusion-detection devices and monitoring software to establish a perimeter defense.
Ultimately, these two lines of defense are not enough to stop high-end threats. For that, you need active defenses.
Active defenses work by placing scanning technology at the interface of our networks and the open internet to detect and stop malicious code before it passes into our networks.
But in cyber, we cannot be perfect. Intrusions will not always be caught at the boundary. Some will inevitably evade detection. To find intruders once they are inside, we have to be able to hunt within our own networks. This too is part of our active defense capability.
The key is that active defense works at network speed to neutralize malicious code, thereby helping prevent the most sophisticated attacks on our networks.
The third pillar of our strategy is to ensure our critical infrastructure is protected.
The best-laid defenses on military networks will matter little unless our civilian critical infrastructure is also able to withstand attacks. So in the U.S. we are working closely with the Department of Homeland Security to evaluate how to secure nationally-important networks, including the computer networks used by the defense industrial base.
Collective defense is the fourth pillar of our strategy. Given the global nature of the internet, our allies can play a critical role in cyber defense.
Indeed, there is strong logic to collective cyber defense—and this is what brings me to Brussels today. The more attack signatures you can see, and intrusions you can trace, the better your defense will be. In this way the construct of shared warning—a core Cold War doctrine—applies to cyberspace today. Just as our air and space defenses are linked with those of our allies to provide warning of airborne attack, so too can we cooperatively monitor our computer networks for cyber intrusions.
Some of our computer defenses are already linked with allies. But far greater levels of cooperation are needed if we are to stay ahead of the cyber threat. Expanding our working relationship with NATO and its member countries is critical.
Our strategy’s fifth pillar is leveraging our own technological base. Like NATO members, the United States enjoys unparalleled technological resources. We must carefully marshal these advantages into superior military capabilities.
One of the more recent illustrations of how technology can improve network security is DARPA’s national cyber range. In the military, we routinely exercise our units on target ranges and in a variety of simulations. However, we have not developed that capability in the cyber world. So DARPA, which helped build the internet decades ago, is now developing a national cyber range—in effect a model of the internet. Once operational, the range will allow us to test capabilities before we field them…”