Stuxnet and the Pentagon’s Cyber Strategy

Stuxnet and the Pentagon’s Cyber Strategy

Deputy Secretary of Defense William Lynn recently caused a stir in official Washington by publicly confirming that the Pentagon had suffered a massive computer breach in 2008. A foreign intelligence service successfully slipped an infected flash drive into a Central Command computer. The drive contained software that surreptitiously spread through both classified and unclassified government networks, establishing a "digital beachhead, from which data could be transferred to servers under foreign control." According to Lynn, "it was a network administrator's worst fear."

In addition to confirming the breach, Lynn previewed the Defense Department's cyber strategy, expected to be finalized by the end of the year. The strategy has several elements, including a defense in depth, with three layers: first, follow commercial best practices on security; second, deploy sensors, which map and detect intrusions; and, third, conduct "active defense." Lynn describes active defense as a system that automatically deploys defenses in real time based on intelligence warnings. According to Lynn, "part sensor, part sentry, part sharpshooter, these active defense systems represent a fundamental shift in the U.S. approach to network defense." This reference to "sharpshooters" raises questions, for it implies a more active role for the Defense Department.

Given the speed and range of cyber attacks, active defense depends on sophisticated rules of engagement, which must be set in advance. Lynn focuses on an attacker's motivation -- hacking, criminal, espionage or strategic -- to determine which body of law and regulation will govern a U.S. response. Although reading intent is not impossible, it is exceedingly difficult, perhaps more so given the difficulties associated with attributing an attack to any particular entity. (Indeed, Lynn dismisses retaliatory deterrence given these very difficulties in identifying an attacker, but does not address how the Defense Department will assess an attacker's motivations without knowing his or her identity.)

Keep reading for free!

Get instant access to the rest of this article by submitting your email address below. You'll also get access to three articles of your choice each month and our free newsletter:

Or, Subscribe now to get full access.

Already a subscriber? Log in here .

What you’ll get with an All-Access subscription to World Politics Review:

A WPR subscription is like no other resource — it’s like having a personal curator and expert analyst of global affairs news. Subscribe now, and you’ll get:

  • Immediate and instant access to the full searchable library of tens of thousands of articles.
  • Daily articles with original analysis, written by leading topic experts, delivered to you every weekday.
  • Regular in-depth articles with deep dives into important issues and countries.
  • The Daily Review email, with our take on the day’s most important news, the latest WPR analysis, what’s on our radar, and more.
  • The Weekly Review email, with quick summaries of the week’s most important coverage, and what’s to come.
  • Completely ad-free reading.

And all of this is available to you when you subscribe today.

More World Politics Review