Pentagon Says Cyberspace Now an 'Operational Domain'
It's not as though the Pentagon has militarized cyberspace in the mode you might think of in some sort of anime like "Ghost in the Shell," but they are going to look at cyberspace differently. On Thursday, the Pentagon announced it would begin treating cyberspace as an operational domain, like land, sea, and air.
Deputy Defense Secretary William Lynn III outlined the new strategy in a speech at the National Defense University. At the same time, he spotlighted the importance of cyberdefense with an example that is most telling: in March alone, 24,000 files at a defense contractor were accessed.
Here's what Lynn said, "Our strategy's overriding emphasis is on denying the benefit of an attack. If an attack will not have its intended effect, those who wish us harm will have less reason to target us through cyberspace in the first place."
That's all pretty obvious: if they can't break in, why bother? The problem is, that considering that the truism is not if, but rather when a system will be hacked into, it's hard to see how this could be done. Even security firms see their systems broken into.
While Lynn did not go into more detail, it's possible he's speaking about a hack into EMC's RSA security division in March. That hack also led to later attacks, as the RSA attack gave the hackers the ability to create duplicate "SecurID" electronic keys for two-factor authentication.
Two-factor authentication requires two different pieces of identification to be presented in order for a user to access a system or network. In the case of RSA SecurID keys (or tokens), the token gives the user a constantly changing code to use, and a PIN or password is the second factor in the authentication.
Deputy Defense Secretary William Lynn III outlined the new strategy in a speech at the National Defense University. At the same time, he spotlighted the importance of cyberdefense with an example that is most telling: in March alone, 24,000 files at a defense contractor were accessed.
Here's what Lynn said, "Our strategy's overriding emphasis is on denying the benefit of an attack. If an attack will not have its intended effect, those who wish us harm will have less reason to target us through cyberspace in the first place."
That's all pretty obvious: if they can't break in, why bother? The problem is, that considering that the truism is not if, but rather when a system will be hacked into, it's hard to see how this could be done. Even security firms see their systems broken into.
While Lynn did not go into more detail, it's possible he's speaking about a hack into EMC's RSA security division in March. That hack also led to later attacks, as the RSA attack gave the hackers the ability to create duplicate "SecurID" electronic keys for two-factor authentication.
Two-factor authentication requires two different pieces of identification to be presented in order for a user to access a system or network. In the case of RSA SecurID keys (or tokens), the token gives the user a constantly changing code to use, and a PIN or password is the second factor in the authentication.
