The Department of Defense (DoD) on Thursday released the unclassified version of its first-ever cyberspace operations strategy, but the blueprint comes too late to have prevented a number of past breaches.
Outgoing DoD Deputy Secretary William Lynn revealed during his speech to announce the new strategy that the agency was victimized by a major incident in March, when foreign hackers broke into the computers of an unnamed military contractor and stole 24,000 sensitive Pentagon files.
And attacks against defense networks also have resulted in the loss of data about missile tracking systems, satellite navigation devices, unmanned surveillance drones and jet fighters, Lynn said.
An unclassified summary of the new strategy, outlines how the Defense Department operates in cyberspace -- the fifth warfighting domain, next to land, water, air and space -- and safeguards its networks. Lynn unveiled the plan Thursday at the National Defense University in Washington.The report stresses increasing network resiliency and beefing up the U.S. military's cybersecurity capabilities to ensure the Defense Department can operate normally in the event of a major compromise.
“The cyberthreats we face are urgent, sometimes uncertain and potentially devastating as adversaries constantly search for vulnerabilities,” Lynn said in a statement. "Our infrastructure, logistics network and business systems are heavily computerized. With 15,000 networks and more than seven million computing devices, the [Defense Department] continues to be a target in cyberspace for malicious activity.”
Because the Defense Department's release is an unclassified version of the plan, it does not contain full details, according to reports citing Marine Corps Col. Dave Lapan. For example, It does not include any mention of offensive cyber operation plans or state how the department would specifically respond to an attack. The classified report is roughly 40 pages long.
The unclassified portion of the strategy said the department will prepare soldiers for a variety of scenarios, such as "degraded cyberspace operations for extended periods and disruption during a mission."
To bolster the security of its networks, the Defense Department has deployed a system made up of sensors, software and intelligence to detect and prevent intrusions and vulnerabilities in real time. The system is designed to detect and stop malicious activity before it can affect department networks.
The department added that it plans to constantly evolve its defense mechanisms to respond to the latest threats. It will also enhance its security best practices, deter insider threats and explore new defense mechanisms.
Secretary of Defense Leon Panetta said in a statement that the agency must prepare for increased threats.
“It is critical to strengthen our cyber capabilities to address the cyberthreats we're facing,” Panetta said.
The plan also emphasizes the importance of partnerships with other government agencies, such as the Department of Homeland Security (DHS), as well as the private sector and foreign nations.
“Our success in cyberspace depends on a robust public/private partnership,” said Lynn, the Pentagon's second-highest-ranking civilian, who will vacate his post later this summer. “The defense of the military will matter little unless our civilian critical infrastructure is also able to withstand attacks.”
Last October, the Defense Department and DHS announced plans to align their cybersecurity capabilities to better protect the nation's networks.
The agreement, signed by Gates and Secretary of Homeland Security Janet Napolitano, outlined a framework whereby the agencies can provide cybersecurity support to one another. The alliance was intended to improve collaboration as the two departments carry out their respective cybersecurity missions.
The partnership appears to be an effort to move past previous agency turf wars.
The Defense Department also plans, as part of its new strategy, to build up its roster of civilian and military personnel by creating new programs to attract skilled workers, and to streamline federal recruitment and hiring processes.