The head of the Defense Department spoke to students at Stanford University as the Pentagon released an updated cyberstrategy for the first time in four years.
Key pillars of the strategy include defending DOD networks from malicious actors, protecting the United States from destructive cyberattacks and going on the offense when necessary.
Carter said the U.S. military must “embrace openness,” in part for deterrence purposes.
“Today, dozens of militaries are developing cyberforces, and because stability depends on avoiding miscalculation that could lead to escalation, militaries must talk to each other and understand each other’s abilities. And DOD must do its part to shed more light on cybercapabilities that have previously been developed in the shadows,” he said.
The new cyberstrategy was much more explicit about America’s offensive capabilities than the 2011 version, which focused more on defensive measures the Pentagon was taking to thwart attackers.
The document says that the president or the secretary of defense might order the U.S. military to conduct offensive operations to:
- terminate an ongoing conflict on U.S. terms
- deter or defeat strategic threats in other domains
- disrupt an adversary’s military-related networks or infrastructure to facilitate American military operations
To signal a desire for greater transparency, Carter disclosed a previously classified effort against Russian hackers who broke into a U.S. military network earlier this year.
The hackers gained access to an unclassified network after they discovered an old vulnerability in one of the Pentagon’s legacy networks that hadn’t been patched, according to the defense chief. He told students that DOD cyberofficials quickly identified the compromise and had a team of incident responders hunting the intruders.
After analyzing the intruders’ tactics and associating them with Russia, the U.S. military “kicked them off the network” in a way that minimized their chances of returning, Carter said.
The Pentagon leader said disclosing the nature of intrusions into American networks will help “raise awareness” about the seriousness of cyberthreats.
“Shining a bright light on such intrusions can eventually benefit us all — businesses and governments alike” by spurring greater cooperation, he said.
Carter is visiting business executive and venture capitalists in Silicon Valley this week in an effort to enhance ties between the Pentagon and those in the technology sector who might be able to help DOD deal with national security threats.
He said greater transparency on the part of the Pentagon when it comes to cyber is necessary to restore trust between tech-savvy civilians and DOD in the wake of the Edward Snowden’s revelations about controversial NSA spying activities.
NSA is closely aligned with the U.S. military, and the head of U.S. Cyber Command is dual-hatted as the director of the spy agency.
Despite his desire for greater transparency, Carter said that DOD is only willing to go so far when it comes to revealing its hand in the shadowy, often highly-classified world of cyber: “Unfortunately a lot of what we’re doing has to remain secret.”
©2015 the Stars and Stripes. Distributed by Tribune Content Agency, LLC.