Steve Jobs is Apple of Pentagon's Eye
Lynn Also Discusses Sharing Classified Threat Warnings
The Pentagon takes 81 months to field a new computer system; Apple Computer took 24 months to develop the iPhone.
"That is less time than it takes us to prepare a budget and receive Congressional approval for it," Lynn said in his keynote address Tuesday at the RSA 2011 IT security conference in San Francisco. "This means I get permission to start a project at the same time Steve Jobs is talking on his new iPhone. It's not a fair trade. We have to close this gap. Silicon Valley can help us."
With Apple and other technology companies in mind, Lynn says the Defense Department is expanding its new Information Technology Exchange Program to promote the exchange of cybersecurity personnel between government and industry. "We want senior IT managers in the department to incorporate more commercial practices," he says. "And we want seasoned industry professionals to experience first-hand the unique challenges we face at DoD."
The deputy defense secretary also says he wants to extend the high level of protection afforded government IT systems by active defenses to private networks that operate infrastructure crucial to America's military and economy. Active defenses are a proactive approach to cybersecurity and operate at network speed, using sensors, software and signatures derived from intelligence to detect and stop malicious code before it succeeds, Lynn said.
DoD shares unclassified threat information on a limited scale with defense companies whose networks contain sensitive information. "How to share classified signatures and the technology to employ them across the full range of industrial sectors that support the military and underpin the economy is a pressing policy question," Lynn said. "Owners and operators of critical infrastructure could benefit from the protections that active defenses provide. We have the technology and know-how to apply them in a civilian context. The real challenge at this point is developing the legal and policy framework to do so."
Another program Lynn says the Pentagon will expand relates to the number of units in the National Guard and Reserve dedicated to cybersecurity.
Addressing more than 1,000 IT security professionals, most working in the private sector, Lynn says government and industry can replicate the successful partnership that addressed the year 2000 millennium bug program.
"But unlike Y2K, we now face malicious, adaptive actors, bent on harm, rather than inanimate computer code written without the millennium in mind," he said. "In Y2K, we also had a known deadline to focus the nation's attention and resources. We have a deadline in today's effort as well: preventing a destructive cyberattack. We just don't know when it is."