United States Department of Defense United States Department of Defense

Deputy Secretary of Defense Speech

Press Operations Bookmark and Share

Speech


Roundtable on Cyber Security with Australian Business and Civic Leaders

As Prepared for Delivery by Deputy Secretary of Defense William J. Lynn, III, Maritime Museum, Sydney, Australia, Saturday, February 13, 2010

 
Thank you Geoff.
 
Thank you all for interrupting your weekend to join us for an important conversation. 
 
My visit to Australia would not be complete without meeting with the civic and business leaders who have such a crucial stake in our defense alliance.
 
As many of you may know, our Secretaries of Defense and State, Bob Gates and Hillary Clinton, were scheduled to travel here last month for the Australia Ministerial meetings.  But they had to cancel at the last minute to coordinate our relief efforts after the Haiti earthquake.
 
Gates told me not to worry about the long trip—that traveling to Australia is easy.
 
He said, “You get on a plane, have a drink, watch a movie, fall asleep.  And then do this two more times.”
 
We may be far apart geographically, but this belies how close we are as allies.
 
You drive on the wrong side of road.  And what you call football is not what we call football.  But Australia is an indispensible friend of U.S.  You are there with us in every fight.  You respond to every request for support.  And you continue to take a leadership role in Asia.
 
Our two countries are the closest of allies, and have been for a very long time.  ‘
 
Our enduring alliance is memorialized in the Pentagon.  Just one floor below my office, a corridor along the Pentagon’s inner-most ring celebrates the ANZUS Treaty—the 1951 mutual security pact between Australia, New Zealand, and the U.S. 
 
To walk down the ANZUS corridor is to pass through more than 100 years of alliance history.  The corridor begins in 1908, with a picture of Teddy Roosevelt’s Great White Fleet being greeted by fireworks in Sydney Harbor.  It goes on to memorialize our joint efforts in the World Wars, in Korea, in Vietnam, in the Gulf War, and on into the present day. 
 
On 9/11, the ANZUS corridor filled with smoke from the plane that crashed into the Pentagon, killing 184.  A plaque now notes how in response, Prime Minister John Howard invoked the ANZUS treaty in defense of the U.S.
 
Today, Australian and American military personnel work together on five continents and in three oceans.
 
On missions that range from anti-pirate patrols off the Horn of Africa to counterinsurgent operations in Afghanistan, Australia is a stalwart ally. 
 
You are a significant contributor of troops in Afghanistan.  And with special operations units, unmanned areal vehicles, and air-to-air refueling capabilities, your troops are among the most capable and effective in the Afghan theater.
 
In keeping with your national character, your troops have headed straight to the fight.  They are in the south, in Oruzgan Province, which is a tough neighborhood even by Afghan standards. 
 
Australians have paid a high price for standing with us in the fight against violent extremism.  Your country has lain to rest 11 of its bravest young sons who made the ultimate sacrifice in Afghanistan.  The American people are deeply grateful for the burden Australia has borne.  We rely greatly on the resources that you bring to the fight.  We honor the commitment your country has made. 
 
As the war in Afghanistan enters a pivotal phase, Australian leadership has once again helped solidify world resolve. 
 
At the London conference the week before last, Foreign Minister Stephen Smith announced that more Australian diplomats and civilian workers are bound for Kabul.  He also pledged $100 million in new civilian funding for Afghanistan. 
 
This includes $25 million for the international reintegration fund that will supply pensions and land for Taliban fighters who lay down their arms.  By helping underwrite this Afghan initiative, Australians are looking ahead to provide an assured and lasting means to demobilize Taliban fighters who are willing to switch sides.
 
Because of our renewed efforts, we see the pieces coming into place to make real and measureable progress in the next 18-24 months.  It is too early to judge whether momentum on the ground has shifted.  But we believe that the new strategy will help us reach our goal of beginning the transition to Afghan leadership and control next year.
 
A stable and secure Afghanistan, free from terrorist threat, is a goal worth fighting for—for America, for Australia, for our partners, and for the Afghan people. 
 
Of course, our countries are partners in more than just Afghanistan.  Continuing our tradition of collaboration, our militaries are working together to understand and prepare for the future of defense. 
 
Last year, your government issued its defense whitepaper.  And last week, we released our Quadrennial Defense Review, a once-every-four-years look at the threats we face, and how we plan to meet them.  Representatives from your Department of Defense participated in the review from start to finish. 
 
These strategy documents pinpoint changes in the nature of war and chart our responses to them.  They detail how we will further strengthen our ability to fight irregular wars, to defeat asymmetric tactics, and to confront a more lethal spectrum of threats. 
 
We live in a world where terrorists and rogue states now have access to advanced capabilities, where make-shift bombs used by insurgents penetrate even the most advanced armor, and where small investments in specific technologies can inhibit our ability to operate in global commons—on the seas, in the air, in space, and in cyberspace.
 
So we are investing in new tools.  Our countries are jointly developing IED countermeasures, intelligence, surveillance, and reconnaissance platforms, and submarine technology.  And with the US-Australian Defense Trade Cooperation Treaty finally moving toward ratification, we are hopeful that our ability to develop and acquire battlefield systems will soon benefit from streamlined export control measures.  
 
But many challenges remain.  One of the most perilous of these is the cyber threat.  And that is the topic I want to focus on with you today.
 
I’m often asked what keeps me up at night.  Number one is the cyber threat.  If we don’t maintain our capabilities to defend our networks in the face of an attack, the consequences for our security will be dire. 
 
Each of our countries has relied upon the great oceans that surround us to shield us from attack.  However, our natural geographic defenses are of no use with cyber attacks.
 
The Internet is magical in its ability to connect us to others.  But it is also a two-way street.  It gives us access to the world, but also connects the world to us.   And the internet transports a keystroke half around the globe in 300 millisecond.
 
Over the past ten years, the frequency and sophistication of attacks have increased exponentially.  Our networks are under threat every hour of every day.  They are probed thousands of times a day.  They are scanned millions of time a day.  And we have not always been so successful in stopping intrusions or determining where they come from.
 
More than 100 foreign intelligence organizations are trying to hack into U.S. systems.  Foreign militaries are developing offensive cyber capabilities.  And some governments already have the capacity to disrupt elements of the U.S. information infrastructure.  We even see criminals who have world-class cyber capabilities. 
 
Not even our President has been spared.  During the presidential campaign in 2008, hackers gained access to campaign files of Barack Obama.  Policy papers, travel plans, and sensitive emails were all compromised.  The intrusion was eventually detected and repelled, but not before sensitive information was taken.
 
For all these reasons the President has called the cyber threat one of the “most serious economic and national security challenges we face as a nation.”
 
The Australian military and economy are just as dependent upon information technology as ours—and therefore just as vulnerable to the cyber threat.  Last year alone, Australia experienced 2400 assaults on its military networks, and an equal number against other government networks.
 
So the cyber threat is a very real one for both our militaries.  It is also, I am afraid, a threat to our economies, to both our critical infrastructural and to our intellectual property.
 
Computer security professionals have known for a long time that information stored on office networks is subject to theft and corporate espionage.  After the announcement by Google that it and over 30 other companies were subject to unprecedented cyber intrusions last month, many more people know this too.
 
The threat is so pervasive that a new computer, if unprotected, can be scanned within seconds and infected with malware within minutes.
 
The sheer volume of intellectual property vanishing through cyber intrusions is staggering.  Our national Library of Congress holds more scholarly material than has ever been brought together in all of history, yet an amount of intellectual property many times larger is stolen each year from networks maintained by U.S. businesses, universities, and government agencies.  And the problem extends far beyond the U.S.  All developed countries that make use of information technology are affected.
 
The threat comes not only from individuals and criminal syndicates.  It also comes from nation-states.  In fact, in the first survey of its kind, 600 IT security executives from around the world were asked about cyber vulnerabilities in their businesses.  More than half believe they have already been attacked by sophisticated government intruders. 
 
In response to the growing number of intrusions, allied governments have sounded the alarm.  Two years ago, the UK warned British financial institutions and other businesses of a specific threat to their operations.  And last month, Secretary of State Hillary Clinton called for the Chinese government to investigate the cyber intrusions that affected Google, which our National Security Agency is helping investigate. 
 
I am here to tell you that the threat is real, that it is here today, and that countering it will take a concerted effort, by both business and government, over many years.
 
Over the past ten years we have built layered and robust cyber defenses around our military networks.   With 15,000 networks and 7 million computing devices used by our Department, we have formally recognized cyberspace for what it is -– a domain similar to land, sea, air and space.  A domain that we depend upon and must protect. 
 
We are in the process of standing up a dedicated Cyber Command.  And like your own defense whitepaper, our Quadrennial Defense Review recognizes cyber as a priority area.
 
Australia has also taken a lead in centrally organizing its cyber defenses.  You have established the new Cyber Security Operations Center in the Department of Defense.  With 50 security analysts, software engineers, and scientists on 24-hour alert—and many more to come—the operations center embodies Australia’s commitment to face the cyber threat.   Because people refer to it by its acronym—CSOC—you can tell it is already an accepted part of department operations.
 
But there is much more that needs to be done.  And I am here today because we can only succeed at protecting our networks by working together.
 
To strengthen our military and our private sector networks, we need to take two interrelated steps.
 
First, we need to enhance still further how our governments and militaries cooperate on cyber defense.
 
There is strong logic to collective cyber defense. 
 
Knowing who your adversary is, and what they’ve already done, is a key part of mounting an effective response.  Yet determining where the attacks originate from, and who is responsible, is among the most difficult challenges we face. 
 
It is always best when searching for markers of attacks to cast the widest net possible.  Put simply, international cooperation is imperative for establishing the chain of events in an intrusion, and quickly and decisively fighting back.  Because of the difficulty in attribution, the reality is that we cannot defend our networks by ourselves. 
 
We have already partnered extensively with your government to respond to intrusions against our military networks.  Many of our computer defenses are already linked.  But far greater attention and resources are needed on both sides of the Pacific if we are to stay ahead of the cyber threat.
 
We need stronger agreements to facilitate the sharing of information, technology, and intelligence.  We need to develop a shared cyber doctrine that allows us to work fluidly with each other and with our other allies.  And we need to train together, in the field and through tabletop exercises at headquarters.   
 
I am working on each of these issues on this visit.  I will be meeting with Minister Faulkner on Tuesday.  And we anticipate conducting a cyber exercise later this year.
 
There is a second step we must take.
 
Although we have charted a clear course on the military front, one of the most crucial needs going forward is securing private sector networks against sophisticated attacks—attacks that ordinary countermeasures and anti-virus software will not defeat, and that, if successful, would threaten our critical infrastructure and global business competitiveness. 
 
We must take the steps necessary to organize our governments to assist the private sector in this task. 
 
Years of concerted investment on the military side in the U.S., Australia, the UK, and Canada has placed much of our cyber defense capabilities within our militaries and intelligence agencies.  But the private sector is also on the front lines. 
 
Here in Australia you now have a national Computer Emergency Response Team, which, if called upon, helps businesses respond to sophisticated intrusions.   Establishing a dedicated team focused on high-end cybercrime and commercial espionage lays the foundation for a regularized way of cooperating with the private sector. 
 
But no matter what the organizational formula is, using government tools to protect private networks raises difficult practical and legal questions. 
 
Making networks safer will ultimately require pushing down software that can detect patterns of threatening activity to a large number of users.  But attack vectors and signatures of cyber threats are often classified.  Monitoring networks similarly involves active and passive forms of surveillance.  But we must also ensure surveillance regimes respect civil liberties and protect private intellectual property.
 
How the private sector will organize itself to defend against the cyber threat is also unresolved.  Existing technologies can thwart a majority of cyber attacks, but defenses are expensive and burdensome.  Although many industries have made a major investment in defensive capabilities, not everyone is able to make that kind of investment on their own.  How then do we put in place the appropriate incentives to motivate private investment in cyber defenses?
 
So in the cyber domain we face enormous foundational challenges.  We must not only develop a military doctrine for protecting our networks.  We must also decide how our governments will leverage their capabilities to defend our countries, our economies, and our allies. 
 
Our efforts to develop a collective cyber defense, while certainly a daunting challenge, are only the latest chapter in our long history of defense cooperation. 
 
How we will respond to the cyber threat, and to shifting power-dynamics in the Asia-Pacific region, is now up to us.
 
Our alliance has helped keep the Pacific at peace for more than half a century.  We are right now taking the actions that will safeguard our future, and steel us against what threats may come.  The next plaque to go up in the Pentagon’s ANZUS corridor will chronicle the efforts we make to preserve our security.
 
The Great White Fleet that steamed into Sydney more than a century ago was a magnificent spectacle—a visible sign of the power America will deploy to defend our allies. 
 
Developments in cyber defenses won’t be greeted with the fireworks that met the fleet.  But they are just as important to our future security.
 
Thank you.

Most Recent Speeches

07/22/2014

As Delivered by Deputy Secretary of Defense Bob Work, The Pentagon

07/16/2014

As Prepared for Delivery by Deputy Secretary of Defense Bob Work, Washington, D.C.

07/16/2014

As Prepared for Delivery by Deputy Secretary of Defense Bob Work, Washington, D.C.

07/01/2014

As Prepared for Delivery by Deputy Secretary of Defense Bob Work, The Pentagon

06/27/2014

As Delivered by Deputy Secretary of Defense Bob Work, Washington Navy Yard, Washington, D.C.

06/22/2014

As Delivered by Secretary of Defense Chuck Hagel, Ford's Theatre, Washington, DC

06/20/2014

As Delivered by Secretary of Defense Chuck Hagel, Pentagon Hall of Heroes

06/19/2014

As Delivered by Deputy Secretary of Defense Bob Work, The Pentagon

06/18/2014

As Submitted by Secretary of Defense Chuck Hagel, Washington, DC

06/18/2014

As Delivered by Secretary of Defense Chuck Hagel, Washington, DC

Additional Links

Stay Connected