Lynn Assesses NATO’s Cybersecurity Progress
By Jim Garamone
American Forces Press Service
BRUSSELS, Belgium, Jan. 25, 2011 NATO is moving ahead with plans to protect the alliance’s cyberspace domain, Deputy Defense Secretary William J. Lynn III said here today.
U.S. Deputy Defense Secretary William J. Lynn III talks with members of the press at the European Defense Agency's headquarters in Brussels, Belgium, Jan. 25, 2011. DOD photo by U.S. Air Force Master Sgt. Jerry Morrison
(Click photo for screen-resolution image);high-resolution image available.
In an interview at the European Defense Agency, Lynn said NATO leaders are taking concrete steps to defend cyberspace.
Lynn called his visit a “a bookend trip.” He had visited the alliance headquarters two months before NATO’s November summit in Lisbon, Portugal, to propose and coordinate U.S. ideas for defending cyberspace. His meeting today was part of the High Level Meeting of National Policy Advisors on NATO Cyber Defense. Coming two months after the summit, it was a chance for Lynn to assess progress.
“The first step for NATO is to protect its own networks,” the deputy secretary said. “We need concrete steps. We need to move to full operational capability of the NATO Cyber Incident Response Center, and make good on the promise of Lisbon to pull it forward from 2015 to 2012.”
Strong support exists in the alliance for this step, Lynn said, and while finances always are a concern, he said he sees that happening.
Lynn said the alliance also is putting centralized governance mechanisms in place to protect its networks.
“You have to have configuration control. You have to have a single management structure,” he said. “One of the outputs of the agency reform effort that NATO is undertaking will be to get that centralized governance structure.”
Lynn also participated in a public- and private-sector cybersecurity roundtable sponsored by Navy Adm. James G. Stavridis, NATO’s supreme allied commander for Europe. The roundtable included representatives from private companies, colleges and think tanks.
“It reflects the mutual interdependence of economic and security factors,” Lynn said. “It reflects the fact that [cybersecurity] is not a problem like air defense, where you would look to the government alone to provide the solution.”
Cybersecurity has to include private and nongovernmental entities, Lynn said, and the private-sector representatives didn’t really argue.
“The overall thrust [during the roundtable] is that companies believe this needs to be a partnership,” he said.
Lynn emphasized the word “partnership,” saying he believes the issue needs government resources and support, but not necessarily government orders. “I got the same message here as I did in the States,” he said.
The private sector has enormous technologies to share, and governments have resources to invest in those technologies. Still, Lynn said, it is a learning experience for both sides.
In the United States, the Defense Department works closely with firms making up the Defense industrial base to protect networks and data on those nets. At first, the firms were worried about sharing proprietary information, but now they see the value, Lynn said.
“Many of their fears have fallen away, and we have a very good two-way street with them,” Lynn said. The fears are not completely gone, he acknowledged, but they have relaxed to the point that they see their data is being protected. And they “are gaining a much better understanding of what the threat is, where it is coming from and how other people are dealing with it,” he added. “Essentially, the rising tide is lifting all boats in its ability to protect.”
The Defense Department has learned important lessons in protecting U.S. military networks, Lynn said, and he reached out to the European Union and the European Defense Agency to share those lessons.