Logo: University of Southern California

Deputy Secretary of Defense William J. Lynn III Speaks on Cyberwarfare

Says the most critical need for cyberdefense is highly trained men and women, "ethical hackers"
Eric Mankin
May 29, 2010 —

A top-level delegation from the Department of Defense visited Southern California recently and discussed a new domain of defense operations - cyberspace - and its novel and unique challenges.

ISI Executive Director Herbert Schorr, Deputy Secretary of Defense William J. Lynn III, and Defense Advanced Research Projects Agency (DARPA) Director Dr. Regina Dugan.
United States Deputy Secretary of Defense William J. Lynn III led the group, which also included Deputy Assistant Secretary for Cyber and Space Policy Robert Butler, Program Executive for Defense Cyber Security and Implementation Robert Doheny, and Defense Advanced Research Projects Agency (DARPA) Director Dr. Regina Dugan.
 
Introduced by ISI Executive Director Herbert Schorr and USC Executive Vice President for Academic Planning and Budget Elizabeth Garrett, Lynn spoke to an audience of more than 80 business leaders and academics about "Redefining the Front Lines of National Security."

U.S. defense efforts, said Lynn, had historically divided geographically, with services specializing in land, sea and air (and space) systems for attack and defense.

Cyberspace, he said, was critical because the Army, Navy, and Air Force "all rely on cybertech for everything, are inextricably dependent on millions of computers the networks linking them, so that a successful attack had potentially disastrous consequences."

And the danger is not just theoretical. In cyberspace, American defenses are continually tested, he said, often untraceably.

Lynn talked about four areas of challenge.

  • Military networks, he said are potential targets, as much or more than commercial ones.
  • The infrastructure – hardware and connections – could also potentially be compromised, often indirectly and untraceably.
  • Intellectual property – the codes and algorithms that drive military computing can potentially be challenged by malware and 'botnets.
  • The chips that make up the system can potentially contain dangerous add-ons: "You can get things into the hardware that can be very difficult to identify."

Activity in the new field of cyberwarfare still remains, he said, largely in the private sector because of first, the difficulty of firmly establishing the authorship of an attack; and then, even if the authors are known, retaliation involves difficult political issues.

And offensive as well as defensive cyber capabilities have to be part of the effort, he said, in order to establish consequences for attacking – deterrence.

Lynn spoke of a three-layer defense effort. First was what he called "ordinary hygiene – that is, don't download it." Additionally, perimeter defense --- firewalls isolating critical systems – is important.

ISI Director for Business, Education, Government and Health Innovation Winnie Callahan, right, with President and CEO of the Los Angeles Area Chamber of Commerce Gary Toebben

But perimeter defense is not enough, Lynn said. "Offense is critical. We need an active defense. Cyberwarfare is warfare of maneuver. We can't stay behind a Maginot line."

Lynn said that perhaps the most critical need for this offensive cyberdefense was human: highly trained men and women, "ethical hackers" – "We need people highly trained in offense to coach the defense."

The uniqueness of the cyberwarfare arena emerged in Lynn's answer to questions about the possibility of international controls or regulation by treaty or negotiation. For such arrangements to work, he said, it must be possible for the parties to easily see others' assets and activities. In the cyber arena, he said, this is impossible: "we don't have surveillance information available."

ISI Director for Business, Education, Government and Health Innovation Winnie Callahan played a central role in organizing the event. "At USC/ISI," she said, "we understand our mission is not simply to provide visionary technology-based research, but to bring awareness to our industry partners, in hopes of working together to develop effective strategies for protecting critical infrastructures and augmenting national security, … crucial roles validated by the Deputy Secretary in his remarks."

Prominently in attendance at Lynn's address were President and CEO of the Los Angeles Area Chamber of Commerce Gary Toebben and President and CEO Los Angeles Chapter of InfraGard John Wentworth. Other organizations and firms represented included Sierra Software, Southern California Edison, Northrop Grumman, Raytheon, the L.A.P.D., General Dynamics, and the Aerospace Corporation, among others.