Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

New U.S. Cybersecurity Strategy Revealed

U.S. Cybersecurity Strategy Update

U.S. Cybersecurity Strategy Update

After meetings at NATO and the Supreme Headquarters Allied Powers Europe on cybersecurity, U.S. Deputy Defense Secretary William J. Lynn III detailed the Defense Department’s new cybersecurity strategy at a Brussels gathering sponsored by the Security and Defense Agenda this week.Department of Defense Cyber Security Strategy

Reprising comments he made in a recent article published in Foreign Affairs magazine, Lynn identified five “pillars” to the strategy.

The first is simply recognizing that cyberspace is a new domain of warfare, on a par with air, sea, land and space. “We need training, we need doctrine, we need all the elements we apply to any other domain,” he said. “That’s the fundamental reason that the U.S. stood up the United States Cyber Command.”

The strategy’s second pillar involves taking a stance that passive defenses are not adequate. The two main passive defenses – simple computer hygiene and firewalls – will catch about 70 to 80 percent of the attacks, Lynn said. To get the rest, “We need active defenses, using sensors that are able to act at network speed to detect and then block the attacks on our networks.” Also required, according to Lynn, is “the ability to hunt and attack on your own networks to get the intruders who do get past the initial defenses.”

The third pillar of the new strategy is ensuring the safety of critical civilian infrastructures. “It won’t do any good to protect military networks if your power goes down,” said Lynn.

Collective defense is the strategy’s fourth pillar. Lynn likened this pillar to the Cold War strategy of shared early warning. “Just as our missile defenses have been linked, so too, our cyber defenses have to be linked as well.”

The fifth pillar is keeping the technological advantage the U.S. now enjoys. “We have a lead in information technology, and it is critical to both our security and our economies to maintain that,” said Lynn. This assertion, however, is called into question by the recently released 2011 Global State of Information Security Study by CIO, CSO and PricewaterhouseCoopers, which paints a gloomier picture, at least in respect to security. According to that report, Asian companies are more likely to acknowledge that the increased risk environment has advanced the role and importance of the security function, and they are more focused on data protection than those in other regions, at least in the private sector. Additionally, the report states, Asian companies are more proactive at addressing emerging practices such as implementing security technologies supporting Web 2.0 exchanges.

Related: Defense Department’s Cyberwar Credibility Gap

Advertisement. Scroll to continue reading.

Related: China’s Cyber Threat Growing

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.