Lynn Seeks Australian Cooperation in Cybersecurity
By Jim Garamone
American Forces Press Service
SYDNEY, Feb. 13, 2010 The alliance between the United States and Australia goes back to 1908 and has strengthened through shared sacrifices on the battlefields of World War I to actions against al-Qaida in Afghanistan, Deputy Defense Secretary William J. Lynn III said here today.
Deputy Defense Secretary William J. Lynn III discusses cybersecurity with Australian officials in a meeting at the Australian Maritime Museum in Sydney, Feb. 13, 2010. DoD photo by Air Force Master Sgt. Jerry Morrison
(Click photo for screen-resolution image);high-resolution image available.
The alliance must honor that past by staying united against the threats of the future, Lynn said during a roundtable discussion with Australian business and civic leaders at the Australian Maritime Museum here, noting that combating the threat of cyber attacks is one way the two countries can work together.
Australia has been a constant ally and has demonstrated it with about 1,550 troops in Afghanistan, Lynn said, but the alliance is more than just that country, and more than simply countering known threats. Both Australia and the United States are examining their militaries to face the threats of tomorrow, and both militaries are focusing on the changing nature of warfare.
“We are much less in a world now of ‘like on like,’” he said, using a term for traditional warfare in which, for example, cavalry fought cavalry, or fleet fought fleet. “We face a world now where it is much more likely to be a hybrid kind of conflict, where seemingly low-end forces could have sophisticated equipment, whether it’s improvised explosive devices that can penetrate the strongest armor, surface-to-air missiles, or whether it’s cyber capabilities.”
The United States and Australia have unmatched conventional warfare capabilities and will need to maintain them. The question then, Lynn said, is how to develop capabilities to counter those asymmetric threats.
“In the U.S., it means we are spending much more on cyber defense, but also intelligence, surveillance and reconnaissance [and] counter-IEDs,” he said. “We’re looking at long-range strike platforms to deal with anti-access tactics it looks the Chinese have developed with surface-to-surface missiles, trying to drive forces further and further from their borders and coasts.”
Of the many challenges of today’s world, the cyber threat is one of the most perilous and least understood, Lynn said. “It is the threat that keeps me up at night,” he added. He pointed to the range of cyber attack capabilities available. This week, in fact, Australian government sites have been attacked.
“It seems to me that what you are facing right now are ‘hacktivists,’” Lynn said. “Foreign governments, foreign intelligence services probably have more sophisticated abilities. At the same time, you could go the other direction and [consider] terrorist groups. I don’t think we’ve yet seen terrorist groups affirmatively use cyber capabilities to threaten one of our countries, but I think it’s well within the realm of possibilities.”
The Internet is a source of strength and a source of vulnerabilities. The military structure, financial structure, power grid and transportation structure are all dependent on the Internet, Lynn noted. “The ability to disrupt the Internet is increasingly something we need to focus on,” the deputy secretary said.
Over the past decade, the frequency and sophistication of attacks have increased exponentially. U.S. and Australian networks are under threat every hour of every day. The networks are probed thousands of times a day and scanned millions of time a day. “And we have not always been so successful in stopping intrusions or determining where they come from,” Lynn acknowledged. More than 100 foreign intelligence services are trying to hack into U.S. systems, he said.
The cyber threat also endangers critical infrastructures and intellectual property
The Google intrusion we’ve seen over the past few weeks, … I think that what this is really about is an attack on intellectual property,” he said. “We’re not spending enough time figuring out how we protect that intellectual property. Some estimates are that we lose the equivalent of the Library of Congress information in a year.”
Lynn said he’s most comfortable with the protection of military networks. Over the past 10 years, the Defense Department has built layered and robust defenses around the department’s 15,000 military networks and 7 million computing devices. “We’re on the right path,” he said. “We haven’t solved everything, … but we’ve limited points of access, set up active defenses, [and] we have internal instruction detection systems.”
But the Defense Department is only responsible for defending the “dot-mil” world. Lynn explained that the Department of Homeland Security has responsibility for the “dot-gov” world, and private firms are responsible for the “dot-com” domain.
“We have the same tension you do between how do we balance between protecting this incredibly important national asset and protecting peoples’ civil liberties and the right not to face government intrusion,” Lynn told the Australian forum. “We’re still working through ways to balance that.”
Part of the reason for his trip to Australia is to explore new ways for the United States to work with Australia against this threat, Lynn said.
“One of the significant challenges of cyber attacks is they do not respect borders,” he said. The Internet has its own sovereignty, he explained, and countries must collaborate in developing concepts of shared warning, exchanging technologies and exchanging threat profiles.
Securing the private networks is an even bigger challenge.
“I think we’re going to have to persuade the private sector that this is something they need to do,” he said. “Government can help, but given that balance between privacy and protection, this has to be a voluntary regimen in my mind. This can’t be something the government imposes on the private sector.”
He said he is interested in exploring voluntary defenses and policies. “For example, can you set up a domain that had both greater security and probably somewhat less privacy – it would be a ‘secure dot-com,’” he said. “You might want to put critical elements of the national infrastructure – the financial systems, the power grid, the air traffic control systems. You would give private sector entities a choice – you could be in secure dot-com and be in that world and exchange a bit less privacy for a substantial bit more protection, or you could stay in the Wild West.”
He reminded those in the roundtable that the cyber world is still in its infancy. He compared the development of aviation and the development of the Internet.
“This is 1928; we’re in the year of the biplane,” he said. “The first military use of the airplane was in 1908. The first use of the Internet out of the Defense Advanced Research Projects Agency was in 1988 or ’89. So it 20 years. Compared to aviation, we’re in the world of dirigibles and biplanes.”
The United States, Great Britain, Australia and other like-minded states are making a beginning, Lynn said. “But there is much more that needs to be done,” he added. “And I am here today because we can only succeed at protecting our networks by working together.”