'Ethical Hackers' a critical need to bolster cyberdefenses, DoD Deputy Secretary tells ISI-hosted gathering

May 26, 2010

A top-level delegation from the Department of Defense visited Southern California recently and discussed a new domain of defense operations - cyberspace - and its novel and unique challenges.

United States Deputy Secretary of Defense William J. Lynn III led the group, which also included Deputy Assistant Secretary for Cyber and Space Policy Robert Butler, Program Executive for Defense Cyber Security and Implementation Robert Doheny, and Defense Advanced Research Projects Agency (DARPA) Director Dr. Regina Dugan.

Introduced by ISI Executive Director Herbert Schorr and USC Executive Vice President for Academic Planning and Budget Elizabeth Garrett, Lynn spoke to an audience of more than 80 business leaders and academics about "Redefining the Front Lines of National Security."

U.S. defense efforts, said Lynn, had historically divided geographically, with services specializing in land, sea and air (and space) systems for attack and defense.

Cyberspace, he said, was critical because the Army, Navy, and Air Force "all rely on cybertech for everything, are inextricably dependent on millions of computers the networks linking them, so that a successful attack had potentially disastrous consequences."

And the danger is not just theoretical. In cyberspace, American defenses are continually tested, he said, often untraceably.

Lynn talked about four areas of challenge.

&bull Military networks, he said are potential targets, as much or more than commercial ones.
&bull The infrastructure &ndash hardware and connections &ndash could also potentially be compromised, often indirectly and untraceably.
&bull Intellectual property &ndash the codes and algorithms that drive military computing can potentially be challenged by malware and 'botnets.
&bull The chips that make up the system can potentially contain dangerous add-ons: "You can get things into the hardware that can be very difficult to identify."


Activity in the new field of cyberwarfare still remains, he said, largely in the private sector because of first, the difficulty of firmly establishing the authorship of an attack; and then, even if the authors are known, retaliation involves difficult political issues.

And offensive as well as defensive cyber capabilities have to be part of the effort, he said, in order to establish consequences for attacking &ndash deterrence.

Lynn spoke of a three-layer defense effort. First was what he called "ordinary hygiene &ndash that is, don't download it." Additionally, perimeter defense —- firewalls isolating critical systems &ndash is important.

But perimeter defense is not enough, Lynn said. "Offense is critical. We need an active defense. Cyberwarfare is warfare of maneuver. We can't stay behind a Maginot line."

Lynn said that perhaps the most critical need for cyberdefense was human: highly trained men and women, "ethical hackers" &ndash "We need people highly trained in offense to coach the defense."

The uniqueness of the cyberwarfare arena emerged in Lynn's answer to questions about the possibility of international controls or regulation by treaty or negotiation. For such arrangements to work, he said, it must be possible for the parties to easily see others' assets and activities. In the cyber arena, he said, this is impossible: "we don't have surveillance information available."


ISI Director for Business, Education, Government and Health Innovation Winnie Callahan, (right in photo) played a central role in organizing the event. "At USC/ISI," she said, "we understand our mission is not simply to provide visionary technology-based research, but to bring awareness to our industry partners, in hopes of working together to develop effective strategies for protecting critical infrastructures and augmenting national security, &hellip crucial roles validated by the Deputy Secretary in his remarks."

Prominently in attendance at Lynn's address were President and CEO of the Los Angeles Area Chamber of Commerce Gary Toebben (left in photo) and President and CEO Los Angeles Chapter of InfraGard John Wentworth. Other organizations and firms represented included Sierra Software, Southern California Edison, Northrop Grumman, Raytheon, the L.A.P.D., General Dynamics, and the Aerospace Corporation, among others.