US deputy secretary of defence, William Lynn, has called for greater collaboration between government and the private sector in tackling cyber threats.
"I hope that we will be able to build the capability to deal with catastrophic cyber attacks before they happen," he told RSA Conference 2011.
Lynn called on the information security industry for help in developing technology to ensure government and business stay ahead in the cyber arms race.
The US government is in a unique position to share information with the security industry on cyber threats. "We are already sharing non-classified information, but the best way of sharing classified information on cyber threats remains a pressing policy question," he said.
Lynn used the opportunity to announce US government plans to make $500,000 (£309,000) available to boost research into encrypted processing and security in cloud and virtual environments.
He also announced government plans to promote information and skills sharing between the public and private sectors through an exchange programme.
"We want to introduce more commercial approaches in the public sector as well as provide insights to the unique challenges in cyber security faced by the Department of Defense (DoD)," said Lynn.
The DoD plans to make better use of skills at its disposal by tapping into the expertise among members of the National Guard and US reserve forces.
"By better using the specialised skills of these people, the DoD hopes to increase the military's capacity to carry out cyber-related missions," said Lynn.
Although it is just emerging, he said, it is clear that the ability to cause physical damage using malicious code [like Stuxnet] already exists.
However, the most capable [nation states] are the least likely to carry out catastrophic attacks against countries like the US because of their military power, said Lynn.
"But a destructive tool could be introduced into the wild by accident, and therefore we need to be able to defend against the full range of possibilities," he said.
Another big concern, said Lynn, is that such capabilities may become available to non-nation states like terrorist organisations, which are not as easily deterred.
"We need to develop stronger defences before that happens, but we need to act quickly as the window of opportunity is of indeterminate length," he said.
For this reason, the DoD has developed a five-point cyber strategy that recognises cyberspace as a new domain for warfare that requires:
- Training and equipping forces to carry out cyber missions
- Active defences that operate at network speed to stop malicious code
- Taking steps to ensure critical infrastructure is protected
- Developing collective defences with allies
- Marshalling human and technological resources to boost US capabilities in cyberspace.
But effective cyber defence cannot be achieved by the military alone, said Lynn, especially as most critical infrastructure is in the hands of the private sector. This means public-private partnerships are critical to securing essential networks.