Rome '08 Workshop

Cyber-Security as a Global Priority

Mr. Robert Lentz

U.S. Deputy Assistant Secretary of Defense

Mr. Robert Lentz

W e are now going to continue the discussion on cyber-security that John Grimes teed up at lunchtime. I am not sure how many of you were at the Moscow workshop in 2003, but that was the first time we had an in-depth discussion on cyber-security, and we began the dialogue that has continued ever since. Roger has been nice enough to make this topic a key part of this year’s workshop.

CYBER-SECURITY—A GLOBAL PRIORITY

Cyber-security within the U.S. and within the international community, especially NATO, has become a very, very high priority. In January 2008 the president of the United States issued a new presidential directive on this issue. President Clinton issued the first one back in 1997-98 on critical infrastructure protection, and President Bush issued the first truly overarching one in 2003. Altogether there have been four or five presidential directives on cyber-security, so we are beginning to accelerate our emphasis on this issue.

As we talked about in 2007 with the defense minister from Estonia, the events in Estonia really upped the emphasis within the European continent on the fragility of the network. Within the Department of Defense and within the U.S. as a whole, the fragility of the network became a core issue in the late 90s; some of you might remember Solar Sunrise, which highlighted the challenges of defending the network and how fragile it was. It turned out that just three kids, one from Israel and two from California, brought down good chunks of the network. Soon after that event we conducted an exercise called Eligible Receiver that opened up the Department of Defense’s eyes to how much work we have to do to tighten up the network.

The bottom line is that the threat is increasing at such a rate that our dependency on the network and all the information that flows on it, all the platforms that are now tied to it, and all the business systems and economic systems that are linked to it make it imperative that the cyber-defenders and cyber-protectors do their job effectively. At this point in time, my assessment is that we are losing that battle. We have got to get on top of it.