Secretary of Defense Ashton B. Carter unveiled the Pentagon’s new cybersecurity strategy before a Stanford audience Thursday, saying the United States would defend the nation using cyber warfare and calling for a renewed partnership with Silicon Valley.
Carter, the first sitting secretary of defense to speak on the Stanford campus in two decades, warned cyber criminals that Washington considers a cyber attack against the homeland or American businesses and citizens like any other threat to national security.
“Adversaries should know that our preference for deterrence and our defensive posture don’t diminish our willingness to use cyber options if necessary,” he told the audience at CEMEX Auditorium. “And when we do take action – defensive or otherwise, conventionally or in cyberspace – we operate under rules of engagement that comply with domestic and international law.”
Carter, who has a doctorate in theoretical physics, has strong ties to technology. He knows that as he takes the helm at the Pentagon, digital innovators and cyber criminals are trying to outpace one another at breakneck speeds. A strong partnership between military strategist and technologists would establish an unbeatable pact, he said.
The secretary was a senior partner at Global Technology Partners, where he advised major investment firms on technology and defense. He acknowledges the boundless transformation of technology and the opportunities and prosperity that it has brought to all sectors of American society.
But, he added: “The same Internet that enables Wikipedia also allows terrorists to learn how to build a bomb. And the same technologies we use to target cruise missiles and jam enemy air defenses can be used against our own forces – and they’re now available to the highest bidder.”
This is why, he said, the Pentagon must rebuild the bridge between Washington and Silicon Valley. “Renewing our partnership is the only way we can do this right.” Carter was building on President Barack Obama’s cybersecurity policies outlined by the president at the White House Summit on Cybersecurity and Consumer Protection at Stanford earlier this year.
Carter was the Payne distinguished visitor at the Freeman Spogli Institute for International Studies and a distinguished visiting fellow at the Hoover Institution until he was sworn in as the 25th secretary of defense in February.
The lecture is named for theoretical physicist and arms control expert Sidney Drell, the center’s co-founder, a senior fellow at Hoover and former director of the SLAC National Accelerator Laboratory. Drell and former Secretary of Defense William J. Perry – a FSI senior fellow and consulting professor at CISAC – were both mentors to Carter and he thanked them at length before his formal policy speech. (Read here.)
"Secretary Carter is the first sitting secretary of defense to speak in Silicon Valley in 20 years," said CISAC Co-Director and Hoover senior fellow Amy Zegart, who led a Q&A session with Carter at the end of his talk. "This was an historic day, with the unveiling of DoD's new cyber strategy, and we are honored that Stanford could play a part. Cybersecurity is one of the toughest international security challenges of our time, and we are dedicated to playing a leading role in bringing together policymakers, scholars, and industry leaders to develop the new technologies, talent, and ideas that our nation requires."
As Carter was speaking, the Department of Defense released online its new cyber strategy based on three primary missions: To defend the Pentagon’s networks; to defend the United States and its interests against cyber attacks of “significant consequences”; and to provide integrated cyber capabilities to support military operations and contingency plans.
“The cyber threat against U.S. interests is increasing in severity and sophistication,” Carter said. “While the North Korean cyber attack on Sony was the most destructive on a U.S. entity so far, this threat affects us all. Just as Russia and China have advanced cyber capabilities and strategies ranging from stealthy network penetration to intellectual property theft, criminal and terrorist networks are also increasing their cyber operations. Low-cost and global proliferation of malware have lowered barriers to entry and made it easier for smaller malicious actors to strike in cyberspace.”
The cyber strategy calls for a 6,200-strong Cyber Mission Force of military, civilian and defense contractors, with 133 cyber protection and combat teams in action by 2018.
“These are the talented individuals who hunt down intruders, red-team our networks and perform the forensics that help keep our systems secure,” Carter said.
And the Pentagon is creating a new “point of partnership” in the Silicon Valley called the Defense Innovation Unit X.
“The first-of-its-kind unit will be staffed by an elite team of active-duty and civilian personnel, plus key people from the Reserves, where some of our best technical talent resides,” he said, adding the unit would scout for breakthrough and emerging technologies and potentially help startups find new ways to work with the military.
The Pentagon will establish a branch of the U.S. Digital Service, the outgrowth of the technical team that helped rescue the beleaguered healthcare.gov site, which collapsed when the Affordable Care Act was implemented.
Herb Lin, a senior research scholar for cyber policy and security at CISAC and a research fellow at Hoover, said the concept was particularly noteworthy. “He’s asking technologists to take a tour of duty helping the DoD by working on some important technical problems. I heartily endorse this vision.”
Lin said the new DoD cyber strategy that was released online is also notable for its openness about the role of the Pentagon’s offensive cyber capabilities.
“It’s been an open secret for a long time that DoD has these capabilities, but by discussing them more forthrightly than any defense secretary has done before, Dr. Carter has done a real public service,” Lin said. “And the announcement of the new strategy will spark much needed conversations among policymakers and researchers about what should be done with these capabilities.”
Lin – chief scientist for the Computer Science and Telecommunications Board, National Research Council of the National Academies before coming to Stanford earlier this year – was also impressed by how open Carter was about wanting to repair relations with Silicon Valley. Those have been frosty at best since the Edward Snowden revelations.
“That will be a hard task, but you have to start somewhere, and Carter is quite tech-savvy, so if anyone can make headway, he can,” Lin said.
The secretary was slated to visit Facebook after his speech and meet with tech leaders on Friday. Not only does he hope to make amends, but to enlist their support in countering the threat of cyber attacks and ensuring the military has the technology it needs.
Carter revealed that earlier this year, sensors that guard the Pentagon’s unclassified networks detected what they believed were Russian hackers. After investigating, they discovered an old vulnerability in one of the DoD’s legacy networks that hadn’t been patched. But they caught it and kicked off the hackers within 24 hours.
He said the incident had not been made public until now.
“Shining a bright light on such intrusions can eventually benefit us all, government and business alike,” he said. “As secretary of defense, I believe that we at the Pentagon must be open, and think, as I like to say, outside our five-sided box.”
After his speech, the secretary took questions from the Stanford and Twitter audiences in a session moderated by Zegart.
One of those questions from Twitter asked why young Stanford computer scientists or technologists from the valley would want to join the cyber teams at the Pentagon.
“Because we have the most exciting problems you can have in technology,” he said. “And they’re consequential – they matter.”
All Photos by Rod Searcey.