Government, Private Industry Alliance to Defend Against Cyber-Attacks

News Analysis: Defense official says that military will team with private interests to thwart attacks against critical infrastructure by terrorists and rogue nations.

The U.S. military will work with private companies to protect critical infrastructure, a senior Department of Defense official told an audience at the National Defense University in Washington July 14.

During his speech, Deputy Secretary of Defense William Lynn said that U.S. military systems have been repeatedly attacked by foreign interests looking for information on technology, from nuclear weapons to drone aircraft. Lynn also pointed out that civilian companies that support the defense effort are being attacked and he gave as an example one contractor that lost 24,000 sensitive documents to a foreign government in March.

But Lynn also said that there's a significant threat to more basic critical infrastructure, such as power companies, transportation and financial services. He noted that nearly all the power used by military bases comes from civilian power companies and that the military depends on the banking system and on the transportation system.

"The country's critical infrastructure has also been probed," Lynn said. "Because much of this critical infrastructure supports military operations, its failure could compromise our abilities to protect the nation. Our military bases and installations are part of-not separate from-the critical infrastructure on which all Americans depend.

"Ninety-nine percent of the electricity the U.S. military uses comes from civilian sources," Lynn said. "Ninety percent of U.S. military voice and Internet communications travel over the same private networks that service homes and offices. We also rely on the transportation system to move military personnel and freight, on commercial refineries to provide fuel, and on the financial industry to process our payments."

Lynn revealed that the NDU Web site had been hacked and its server taken over by hostile forces briefly, and he said that the threat is growing daily. But Lynn also referred to criticism in the past that protecting critical infrastructure could also mean gathering private information, at least in the case of protecting financial institutions. Lynn said that the military had no interest in gathering such information.

Lynn said that with this in mind, the military was launching a new protection method for critical networks called the Defense Industrial Base (DIB) Cyber Pilot. He said that the DIB Cyber Pilot is a means of sharing classified threat intelligence with defense contractors and ISPs, along with information on how to deploy the information.

"In the DIB Cyber Pilot, the U.S. government is not monitoring, intercepting or storing any private-sector communications," Lynn said. He stressed that the focus is on helping private companies deal with threats, not with the DOD doing any monitoring. Lynn noted that even in its initial form, the DIB Cyber Pilot has already stopped a series of intrusions, and has provided critical information on the techniques the cyber-attackers used.