Time to grab your Androids and equip them with pistols, all you cyber-attack ladies and gentlemen, because the Pentagon has decided to tap the ON button on when it comes to defending the United States Government when it comes to hacking. On Thursday, Pentagon officials announced that it would begin treating “cyberspace” as an operational domain, the same as land, sea, and air. This comes amid, but not directly in response to, an announcement that the Pentagon had very recently lost 24,000 files in a major network breach.
Earlier this year we spoke of how the Pentagon was setting the stage for military action against cyber attacks. That column contained the now-infamous military official spoken line: “If you shut down our power grid, maybe we will put a missile down one of your smokestacks.” At the time, the Pentagon had many issues to deal with such as finding the origin of attacks made and decisions including how to decide if an attack is serious enough to be considered an act of war.
The announcement made by the Pentagon yesterday was part of a new defense strategy outlined by Deputy Defense Secretary William Lynn III. This outline included talk of how denying the intruder access to their system in the first place was their first priority:
“Our strategy’s overriding emphasis is on denying the benefit of an attack. If an attack will not have its intended effect, those who wish us harm will have less reason to target us through cyberspace in the first place.” – Lynn III
One of the attacks the Pentagon more than likely has in mind is another attack that happened earlier this year that targeted EMC’s RSA security devision, this attach allowing the intruders access to the ability to create duplicate “SecurID” keys for two-factor authentication. What two-factor authentication includes, in a nutshell, is two different pieces of data, both of them required to gain access to a system. RSA SecurID tokens, for example, gives the user a constantly changing code to use on one hand, and a password or PIN code to use on the other.
How exactly the Pentagon’s treatment of cyberspace as an operational domain will change their ability to defend the country is still a slight mystery, but the implications of cyberspace sitting aside land, sea, and air are monstrous – wouldn’t you say?