Lynn: NATO Must Get Ahead of Cyber Threat
By Jim Garamone
American Forces Press Service
BRUSSELS, Belgium, Jan. 25, 2011 Now is the time for NATO to get ahead of the cyber threat, Deputy Defense Secretary William J. Lynn III said here today.
“The cyber threat is still maturing,” he told reporters at the European Defense Agency. “I don’t think we’re at the final stage of what that threat may look like.”
NATO’s November summit in Lisbon, Portugal, crystallized NATO thinking about the cyber threat, Lynn said. The alliance’s thinking has evolved a long way from April 2007, he said, when Estonia suffered a massive denial-of-service attack. The decisions the alliance is making now are informed by that attack and similar experiences in Georgia in 2008, as well as by the constant attacks on U.S. and NATO military networks.
Cyber threats have increased in numbers and sophistication, Lynn said. The “first phase” threat is “really concentrated on exploitation –- that’s threats of intellectual property, stealing military secrets, espionage,” he explained.
Exploitation has moved beyond that toward the threat of denial of service, Lynn said.
“That’s really what Estonia and Georgia were about -– that’s an escalation of the potential threat,” he said, adding that he sees a potential third-phase threat.
“The potential exists for capabilities that are much more destructive,” he added, noting that this threat could target transportation or financial networks.
“We’re largely in the exploitation/denial phase, but history will tell you that somebody will take it to the extreme,” Lynn said. “That’s a significant reason to act now – to get ahead of that kind of threat.”
The United States and NATO need to put in place appropriate protections for critical networks before the threat matures, Lynn said.
“The discussion for NATO today is the threshold step -- we need to be able to protect our own military networks, and we’re frankly not there yet,” he said. “I think until you are able to do that, it’s hard to look beyond for any other capabilities.”
NATO nations are moving quickly and taking the threats to cybersecurity seriously, he said. The discussion in the alliance six months ago was what constituted an attack, he noted, and now the discussion is less on that than on just moving forward with defenses.
Lynn said the discussion of the definition of an attack always will be around –- especially what constitutes an attack under Article 5 of the NATO Charter, which declares that an attack on one alliance member is an attack on all –- but planners are moving beyond this and simply addressing the threats.