U.S. reboots cybersecurity strategy, with more talk of offensive capabilities
Ash Carter hopes Silicon Valley will help provide cutting-edge technologies
A new Pentagon cybersecurity strategy lays out for the first time publicly that the U.S. military plans to use cyberwarfare as an option in conflicts with enemies.
The 33-page strategy says the Defense Department "should be able to use cyber operations to disrupt an adversary's command and control networks, military-related critical infrastructure and weapons capabilities."
The cybersecurity strategy is the second done by the Pentagon and is slated for release Thursday, but it was obtained early by The Associated Press. The previous strategy, which was publicly released in 2011, made little reference to the Pentagon's offensive cyber capabilities, although U.S. officials have spoken quietly about the issue.
The new document takes a more open approach in part because officials said the Pentagon wants more transparency in its cyber mission — and because it could provide some deterrence to adversaries.
"I think it will be useful to us for the world to know that, first of all, we're going to protect ourselves, we're going to defend ourselves," Defense Secretary Ash Carter told reporters traveling with him to California. He added that the new strategy is "more clear and more specific about everything, including (U.S.) offense."
The strategy also, for the first time, includes a small section on U.S. concerns about continued cyberespionage by China against U.S. companies and agencies. It says the U.S. will continue to try to work with Beijing to bring greater understanding and transparency of each nation's cyber missions to "reduce the risks of misperception and miscalculation."
Carter is in Silicon Valley to reach out to high-tech companies and experts and seek their help in countering the growing cybersecurity threat and ensuring that America's military has the cutting-edge technologies it needs.
But he is likely to face a tough techie audience that has long been suspicious of U.S. surveillance programs and is determined to protect their clients and customers from government prying. He is giving a speech at Stanford University and expects to meet with technology company leaders, including Facebook chief operating officer Sheryl Sandberg, as well as a group of venture capitalists.
Speaking to reporters on the plane Wednesday, Carter acknowledged the challenge, including suspicions involving the case of intelligence leaker Edward Snowden.
"One of the things we need to do is have that dialogue," said Carter, who has long been entrenched in cybersecurity issues, including when he served as deputy defense secretary. "We have a tremendous common interest in having a safe but also open and prosperous society, so that's common ground, and it's that common ground I'm trying to get us to stand on."
Cyberattacks have grown more sophisticated
He agreed the military may face a "coolness" shortfall as it tries to lure young Silicon Valley techies to work with the Pentagon.
"To be relevant in today's world you have to have a coolness factor, so we want that, we want our mission to be exciting to people, for them to feel like it's cool to be part of something that's bigger than themselves."
Carter is expected to make a series of announcements about new ways the Pentagon will partner with technology firms. According to defense officials, he is setting up a full-time unit of military, civilian and reservist workers in the San Francisco Bay area in the next month or so to scout out promising emerging technologies and build better relations with the companies there.
He also will launch a pilot program with In-Q-Tel, a nonprofit technology company that already works with the U.S. intelligence community, to invest in early-stage innovations such as nano-electronics.
And the Pentagon will tap into the U.S. Digital Service to help coordinate the transfer of electronic health records between the Pentagon and the Department of Veterans Affairs. The service was created to help solve problems with the launch of the Obama administration's HealthCare.gov website.
Cyberattacks against U.S. government and industry have grown increasingly more severe and sophisticated. The new strategy says, "During heightened tensions or outright hostilities, DOD must be able to provide the president with a wide range of options for managing conflict escalation."
It adds that, as part of those options, the military must have cyber capabilities that can "achieve key security objectives with precision, and to minimize loss of life and destruction of property."
The announcements come on the heels of President Barack Obama's decision earlier this month to authorize financial sanctions against malicious overseas hackers or companies that use cyberespionage to steal U.S. trade secrets. Those companies could include state-owned corporations in Russia, China or other countries that have long been named as cyber adversaries.