You have reached a collection of archived material.

The content available is no longer being updated and may no longer be applicable as a result of changes in law, regulation and/or administration. If you wish to see the latest content, please visit the current version of the site.

For persons with disabilities experiencing difficulties accessing content on, please use the DoD Section 508 Form. In this form, please indicate the nature of your accessibility issue/problem and your contact information so we can address your issue or question.

United States Department of Defense United States Department of Defense

DoD News

Bookmark and Share

 News Article

Lynn Explains U.S. Cybersecurity Strategy

By Jim Garamone
American Forces Press Service

BRUSSELS, Belgium, , Sept. 15, 2010 – Deputy Defense Secretary William J. Lynn III detailed the Defense Department’s new cybersecurity strategy here today.

Lynn – who spoke at a gathering sponsored by the Security and Defense Agenda after meetings at NATO and the Supreme Headquarters Allied Powers Europe on cybersecurity – described the strategy as having five “pillars.”

The first pillar is the recognition that cyberspace is a new domain of warfare, Lynn said.

“Like air, sea, land and space, we’re going to have to treat cyberspace as an arena where we need to defend our networks and to be able to operate freely,” he explained.

There are obvious differences, the deputy secretary acknowledged. Cyberspace is man-made, he said, and much of the infrastructure is in private hands. But this does not mean it’s not critical to military effectiveness, he added.

“We need to treat it organizationally as a domain – we need training, we need doctrine, we need all the elements we apply to any other domain,” he said. “That’s the fundamental reason that the U.S. stood up the United States Cyber Command.”

The new command has the lines of authority to man, train and equip for the new domain, he said.

The strategy’s second pillar is defenses that go beyond passive ones. “You cannot have a fortress mentality in this arena,” he said.

The two main passive defenses – simple computer hygiene and firewalls – will catch about 70 to 80 percent of the attacks, Lynn said. To get the rest, he added, “We need active defenses, using sensors that are able to act at network speed to detect and then block the attacks on our networks.”

“You also need the ability to hunt and attack on your own networks to get the intruders who do get past the initial defenses,” he said.

The third pillar is to ensure the safety of critical infrastructures. “It won’t do any good to protect military networks if your power goes down,” said the deputy secretary explained.

Collective defense is the strategy’s fourth pillar. “There is a strong logic to collective defense in the cyber arena,” Lynn said. “The more attack signatures you are able to detect early and build those into your defenses, the stronger your defenses will be.”

He likened this pillar to the Cold War strategy of shared early warning. “Just as our missile defenses have been linked, so too, our cyber defenses have to be linked as well,” the deputy secretary said.

The fifth pillar, Lynn said, is to keep the technological advantage.

“We have a lead in information technology, and it is critical to both our security and our economies to maintain that,” he said. “We have to marshal our technological dominance to ensure that the superior military capabilities we’ve developed are maintained.”

Improving training, developing artificial intelligence capabilities and tools such as an Internet training range are among the investments the United States is making to maintain this lead, Lynn said.


Contact Author

William J. Lynn III

Related Sites:
Special Report: Travels With Lynn
Special Report: Cybersecurity


Article is closed to new comments.

The opinions expressed in the following comments do not necessarily reflect those of the U.S. Department of Defense.

There are no comments.

Additional Links

Stay Connected