The US military wants to exert more influence over the protection of power grids, transportation networks and financial network systems, a Pentagon official says in a broad-ranging essay published in Foreign Affairs.
In cyberwar, who's in charge?
To do so the Pentagon is urging that its defence expertise be put in play beyond the .mil domain to include .gov and .com and wants policy makers to figure out how best to do that.
The reasons are that the military relies on these networks to deal with suppliers and that these networks could become military targets, says William J. Lynn III, undersecretary of defence, in the essay called "Defending a New Domain."
"Protecting those networks and the networks that undergird critical US infrastructure must be part of Washington's national security and homeland defence missions," Lynn says.
Because the military relies on these networks, the expertise it has developed should be made available to them, he says, but he doesn't describe exactly how that would happen in practice.
"The best-laid plans for defending military networks will matter little if civilian infrastructure which could be directly targeted in a military conflict or held hostage and used as a bargaining chip against the US government is not secure," he says. "The Defense Department depends on the overall information technology infrastructure of the United States... The Pentagon is therefore working with the Department of Homeland Security and the private sector to look for innovative ways to use the military's cyberdefense capabilities to protect the defense industry."
Some of these defenses are being developed by the National Security Agency and include blending US intelligence capabilities with network security so that networks can react to threats detected by other means than network intrusion-detection tools.
"The National Security Agency has pioneered systems that, using warnings provided by US intelligence capabilities, automatically deploy defences to counter intrusions in real time," Lynn says.
"They work by placing scanning technology at the interface of military networks and the open Internet to detect and stop malicious code before it passes into military networks."
The Pentagon is also relying on Defense Advanced Research Projects Agency (DARPA) to come up with ways to blunt the capabilities of intruders. DARPA is trying to figure out a new basic design for Pentagon networks that would result in a generation-long overhaul to make hardware, software and computer languages less susceptible to cyber attack, he says.
Gaining the authority to impose military security on civilian assets is still in its infancy. "The US government has only just begun to broach the larger question of whether it is necessary and appropriate to use national resources, such as the defences that now guard military networks, to protect civilian infrastructure," Lynn says.
"Information networks connect a variety of institutions, so the effort to defend the United States will only succeed if it is coordinated across the government, with allies, and with partners in the commercial sector."