go to top

Stuxnet and the Pentagon's Cyber Strategy

Wednesday, Oct. 13, 2010

Deputy Secretary of Defense William Lynn recently caused a stir in official Washington by publicly confirming that the Pentagon had suffered a massive computer breach in 2008. A foreign intelligence service successfully slipped an infected flash drive into a Central Command computer. The drive contained software that surreptitiously spread through both classified and unclassified government networks, establishing a "digital beachhead, from which data could be transferred to servers under foreign control." According to Lynn, "it was a network administrator's worst fear."

In addition to confirming the breach, Lynn previewed the Defense Department's cyber strategy, expected to be finalized by the end of the year. The strategy has several elements, including a defense in depth, with three layers: first, follow commercial best practices on security; second, deploy sensors, which map and detect intrusions; and, third, conduct "active defense." Lynn describes active defense as a system that automatically deploys defenses in real time based on intelligence warnings. According to Lynn, "part sensor, part sentry, part sharpshooter, these active defense systems represent a fundamental shift in the U.S. approach to network defense." This reference to "sharpshooters" raises questions, for it implies a more active role for the Defense Department. ...

Want to Read the Rest?
Login or Subscribe Today.
Get unlimited access to must-read news, analysis and opinion from top experts. Subscribe to World Politics Review and you'll receive instant access to 9,000+ articles in the World Politics Review Library, along with new comprehensive analysis every weekday . . . written by leading topic experts.

YES, I want to subscribe now.