Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Infrastructure

Department of Defense: Cyberspace is a New Warfare Domain

yberspace is a New Warfare Domain

yberspace is a New Warfare Domain

Defense Department Reveals that a Cyber Attack Captured 24,000 DoD Files; Announces Department’s Strategy for Operating in Cyberspace

The Department of Defense today released its Strategy for Operating in Cyberspace (DSOC), the Defense Department’s first unified strategy for cyberspace which “officially encapsulates” a new way forward for the DoD’s military, intelligence and business operations.

Listed first under the Five Strategic Initiatives in the 18-page document: “DoD will treat cyberspace as an operational domain to organize, train, and equip so that DoD can take full advantage of cyberspace’s potential.” Just like air, land, and sea, cyberspace is a new warfare domain. 

“There is no doubt that cyber space is a battleground, and it’s therefore perfectly logical that it be treated as a domain of warfare,” said Eric Knapp, Director of Critical Infrastructure Markets at NitroSecurity. “Establishing controls to keep cyber activities at bay, denying them the privilege of escalation, is a sound and responsible strategy,” Knapp added. “We shouldn’t be surprised that cyber defenses are a national concern, or be shocked that there is significant interest in cyber defense from a military perspective. More surprising is that there is still some reluctance to accept this concept from the public, despite recent examples of cyber attacks, such as Stuxnet, that have propagated through the mainstream media. I believe that reluctance likely stems from a common public misperception that ‘information’ is the only collateral at risk in a cyber war; it’s not common knowledge outside of the industry that the systems we rely on – energy, water, transportation, emergency response, and other public services – can be disrupted or even destroyed from a computer terminal. When you think of it in those terms, the Pentagon’s strategy is absolutely sound.”

William Lynn Department of Defense

“Strong partnerships with other U.S. government departments and agencies, the private sector and foreign nations are crucial,” said Deputy Secretary of Defense William J. Lynn III. “Our success in cyberspace depends on a robust public/private partnership. The defense of the military will matter little unless our civilian critical infrastructure is also able to withstand attacks.

 

The Department of Defense and other governmental agencies have taken steps to anticipate, mitigate and protect against the continuous rise in cyber threats. Last year, the DoD establishedU.S. Cyber Command, an agency responsible for directing activities to operate and defend DoD networks.  

 

Advertisement. Scroll to continue reading.

In his remarks, Lynn acknowledge that In March, a cyber attack on a defense company’s network captured 24,000 files containing Defense Department information.”It is a significant concern that over the past decade, terabytes of data have been extracted by foreign intruders from corporate networks of defense companies. In a single intrusion this March, 24,000 files were taken,” Lynn said, without sharing any further detail as to the types of files that were taken.

“The DoD’s announcement that 24,000 files swiped in March from contractor systems isn’t surprising to those of us that understand the large-scale cyber looting that has been going on for some time now,” said Anup Ghosh, CEO of browser security startup Invincea. “It’s clear that the defenses employed against enterprise networks, most of which were developed in the 20th century, are no longer up to snuff for the current threat. The large-scale theft of our nation’s intellectual property has been going on for well over a decade while the Department has classified much of the incursions. Now with hacktivists like Anti-Sec, LulzSec, Anonymous publicly hacking private companies, public companies, government systems, and contractors that hold our nation’s intellectual property, this genie is out of the bottle,” Ghosh says.

“The U.S. government has drawn a line in the sand and is saying enough is enough. All U.S. organizations need to take notice because the Pentagon’s announcement doesn’t just reflect attacks on our government – it shows that cybercrime is serious and reaches deep into our economy and infrastructure,” said Jason Clark, CSO at web security firm Websense. “The cyber threat is real and if you have intellectual property that any economic competitor would value, you’re a target. It’s also absolutely critical that the public and private sector collaborate on security strategies and share cyber threat intelligence,” Clark added.

The DoD is establishing a pilot public-private sector partnership intended to demonstrate the feasibility and benefits of voluntarily opting into increased sharing of information about malicious or unauthorized cyber activity and protective cybersecurity emeasures, but Invincea’s Ghosh doesn’t think this is enough.

“The initiative to share data between the Government and private sector is important, but they would be far better off not classifying that data in the first place so the attack methods are known and the commercial sector can build defenses commensurate with the attacks,” Ghosh says. “Sharing information is an important first step, but it doesn’t go far enough. The US must deploy defenses that stop the threat from establishing breaches in our networks in the first place. It’s time to stop talking about the problem and start deploying technologies already available that defend against attacks targeted at users. Waiting another day simply means losing another terabyte of data to our adversaries and standing by while watching the largest theft of our nation as it leaves our networks.”

The Five initiatives outlined in the Department of Defense Strategy (PDF) for Operating in Cyberspace are:

1. Treat cyberspace as an operational domain to organize, train, and equip so that DoD can take full advantage of cyberspace’s potential

2. Employ new defense operating concepts to protect DoD networks and systems

3. Partner with other U.S. government departments and agencies and the private sector to enable a whole-of-government cybersecurity strategy

4. Build robust relationships with U.S. allies and international partners to strengthen collective cybersecurity

5. Leverage the nation’s ingenuity through an exceptional cyber workforce and rapid technological innovation

“The cyber threats we face are urgent, sometimes uncertain and potentially devastating as adversaries constantly search for vulnerabilities,” Lynn Said. “Our infrastructure, logistics network and business systems are heavily computerized. With 15,000 networks and more than seven million computing devices, DoD continues to be a target in cyberspace for malicious activity.”

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Security Infrastructure

Security vendor consolidation is picking up steam with good reason. Everyone wants to improve security efficiency and effectiveness while paying for less.

Management & Strategy

Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco.

Cloud Security

The term ‘zero trust’ is now used so much and so widely that it has almost lost its meaning.

Security Infrastructure

Instead of deploying new point products, CISOs should consider sourcing technologies from vendors that develop products designed to work together as part of a...

Security Infrastructure

Comcast jumps into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace.

Audits

The PCI Security Standards Council (SSC), the organization that oversees the Payment Card Industry Data Security Standard (PCI DSS), this week announced the release...

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture