|
Server : Apache/2.4.62 System : FreeBSD fbsdweb2.web.rcn.net 14.1-RELEASE FreeBSD 14.1-RELEASE releng/14.1-n267679-10e31f0946d8 GENERIC amd64 User : www ( 80) PHP Version : 8.3.8 Disable Function : NONE Directory : /domains/roger.dnai/moscow03/ |
Upload File : |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><!-- InstanceBegin template="/Templates/2003_book.dwt" codeOutsideHTMLIsLocked="false" -->
<!-- DW6 -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<!-- InstanceBeginEditable name="doctitle" -->
<title>Center for Strategic Decision Research, Peter Struck, Michele Alliot-Marie, General George Joulwan, SACEUR, General James L. Jones, SHAPE, NATO, EU, BDLI, ILA, EADS, Northrop Grumman, Under Secretary Michael Wynne, Assistant Secretary Linton Wells, Ambassador William Burns, NATO Military Committee Chairman General Harald Kujat, General Dynamics, Boeing, Global Security Terrorism, Iraq, Afghanistan, Rainer Hertrich, David Stafford</title>
<!-- InstanceEndEditable --><link rel="stylesheet" href="../2002Book/emx_nav_right.css" type="text/css">
<script type="text/javascript">
<!--
var time = 3000;
var numofitems = 7;
//menu constructor
function menu(allitems,thisitem,startstate){
callname= "gl"+thisitem;
divname="subglobal"+thisitem;
this.numberofmenuitems = 7;
this.caller = document.getElementById(callname);
this.thediv = document.getElementById(divname);
this.thediv.style.visibility = startstate;
}
//menu methods
function ehandler(event,theobj){
for (var i=1; i<= theobj.numberofmenuitems; i++){
var shutdiv =eval( "menuitem"+i+".thediv");
shutdiv.style.visibility="hidden";
}
theobj.thediv.style.visibility="visible";
}
function closesubnav(event){
if ((event.clientY <48)||(event.clientY > 107)){
for (var i=1; i<= numofitems; i++){
var shutdiv =eval('menuitem'+i+'.thediv');
shutdiv.style.visibility='hidden';
}
}
}
// -->
</script>
<style type="text/css">
<!--
.style5 {font-weight: bold;
color: #000000;
font-family: Arial, Helvetica, sans-serif;
font-size: large;
}
.style7 {font-size: 2px}
.style8 {font-family: Arial, Helvetica, sans-serif}
.style16 {font-size: medium; color: #006699; font-weight: bold; }
.style17 {
font-size: x-small;
font-weight: bold;
}
.style18 {font-size: x-small}
.style197 {color: #000000}
.style209 {font-family: Verdana, Arial, Helvetica, sans-serif; font-weight: normal;}
.style217 {font-family: Verdana, Arial, Helvetica, sans-serif}
.style219 {font-style: normal; font-weight: normal; font-family: Verdana, Arial, Helvetica, sans-serif; }
.style222 {font-weight: normal; font-style: normal;}
.style19 {font-size: 11px}
-->
</style>
<!-- InstanceBeginEditable name="head" -->
<style type="text/css">
<!--
.style196 {color: #006699}
.style87 {font-size: small}
.style88 {font-size: large}
.style89 {font-size: medium}
-->
</style>
<!-- InstanceEndEditable -->
</head>
<body onmousemove="closesubnav(event);">
<div class="skipLinks">skip to: <a href="#content">page content</a> | <a href="../2002Book/pageNav">links on this page</a> | <a href="#globalNav">site navigation</a> | <a href="#siteInfo">footer (site information)</a> </div>
<div id="masthead">
<h1 align="center" id="siteName"><strong>Center for Strategic Decision Research</strong></h1>
<div id="globalNav"> <div id="globalLink">
<a href="../index.html" id="gl1" class="glink" onmouseover="ehandler(event,menuitem1);"><span class="style18"><span class="style19">Home</span></span></a><a href="../2004book/PeterStruckKeynote.htm" id="gl2" class="glink" onmouseover="ehandler(event,menuitem2);"><span class="style18"><span class="style19">Berlin '04</span></span></a><a href="weissingerbaylon.htm" id="gl3" class="glink" onmouseover="ehandler(event,menuitem3);"><span class="style18"><span class="style19">Moscow '03</span></span></a><a href="../berlin02/scharping.htm" id="gl4" class="glink" onmouseover="ehandler(event,menuitem4);"><span class="style18"><span class="style19">Berlin '02</span></span></a><a href="../2001Book/workshop2001.htm" id="gl5" class="glink" onmouseover="ehandler(event,menuitem5);"><span class="style18"><span class="style19">Helsingor '01</span></span></a><a href="../2000Book/workshop2000.htm" id="gl6" class="glink" onmouseover="ehandler(event,menuitem6);"><span class="style18"><span class="style19">Berlin '00</span></span></a><a href="../99Book/workshop1999.htm" id="gl6" class="glink" onmouseover="ehandler(event,menuitem6);"><span class="style18"><span class="style19">Budapest '99</span></span></a><a href="../98Book/workshop98.htm" id="gl6" class="glink" onmouseover="ehandler(event,menuitem6);"><span class="style18"><span class="style19">Vienna '98</span></span></a><a href="../97Book/workshop97.htm" id="gl6" class="glink" onmouseover="ehandler(event,menuitem6);"><span class="style18"><span class="style19">Prague '97</span></span></a><a href="../96Book/Workshop96.htm" id="gl6" class="glink" onmouseover="ehandler(event,menuitem6);"><span class="style18"><span class="style19">Warsaw '96</span></span></a><a href="../95Book/95Workshop.htm" id="gl7" class="glink" onmouseover="ehandler(event,menuitem7);"><span class="style18"><span class="style19">Dresden '95</span></span></a>
</div>
<!--end globalLinks-->
</div>
<!-- end globalNav -->
</div>
<!-- end masthead -->
<div id="pagecell1">
<!--pagecell1-->
<div id="breadCrumb"><br>
<table width="728" border="0" align="center">
<tr>
<td width="66" ><p><img src="../2004book/logo-kevin-web.jpg" width="60" height="66"></p> </td>
<td width="652"><div align="center" class="style5">20th International Workshop on Global Security - Moscow, 27-30 June 2003<br>
"Toward Global Security: New Strategies, Technologies, and Alliances"</div></td>
</tr>
</table>
</div>
<div class="style7" id="pageName"> P</div>
<div id="pageNav">
<div id="sectionLinks">
<p align="center" class="style17"><strong>Table of Contents</strong></p>
<p align="left" class="style18"><a href="joulwan.htm">Fmr SACEUR General George Joulwan </a><span class="style217"><strong></strong></span><span class="style217"><strong><a href="weissingerbaylon.htm">Workshop Chairman Roger Weissinger-Baylon </a></strong></span></p>
<p align="center" class="style18"><strong>Pa</strong><strong>rt 1 </strong></p>
<p class="style18"><span class="style217"><strong><a href="fursenko.htm">Russian First Deputy Industry, Science, Tech Minister Andrey Fursenko</a></strong></span><span class="style217"><strong><a href="vershbow.htm">US Ambassador to Russia Alexander Vershbow</a></strong></span><span class="style217"><strong><a href="lukin.htm">Russian Duma Deputy Speaker Vladimir Lukin </a></strong></span><span class="style217"><strong><a href="yavlinsky.htm">Russian Duma Member Grigory Yavlinsky</a></strong></span><span class="style217"><a href="velikhov.htm">Kurchatov Institute Director Evgeny Velikhov </a><a href="pickering.htm">Fmr US Ambassador to Russia Thomas Pickering</a><a href="portillo.htm">UK House of Commons Member Michael Portillo</a><a href="deruyt.htm">Belgian Ambassador to UN Jean de Ruyt</a><a href="vonploetz.htm">German Ambassador to Russia Hans-Friedrich von Ploetz </a><a href="wolsztynski.htm">French Air Force Chief of Staff General Richard Wolsztynski</a><a href="sedivy.htm">Fmr Czech Chief of Staff General Jiri Sedivy </a><a href="mehta.htm">Indian Armed Forces General Ashok Mehta</a></span><span class="style217"><a href="george.htm">UK House of Commons Member Bruce George</a></span><span class="style217"><a href="nurick.htm">Carnegie Moscow Center Director Robert Nurick</a><a href="ranquet.htm"> French Defense Ministry Dep Director Strat Affairs General Robert Ranquet</a></span></p>
<p align="center" class="style18"><strong>Part 2 </strong></p>
<p class="style18"><span class="style217"><span class="style222"><a href="fasslabend.htm">Fmr Austrian Defense Min Werner Fasslabend</a></span></span><span class="style217"><span class="style222"><a href="rogov.htm">Russian Acad of Sciences USA Canada Institute Director Serguey Rogov</a><a href="baranovsky.htm"> Russian Acad of Sciences IMEMO Deputy Director Vladimir Baranovsky</a><a href="piontkovskiy.htm">Strat Studies Ctr Director Andrey Piontkovskiy</a></span></span><span class="style219"><a href="onyszkiewicz.htm">Fmr Polish Defense Min Janusz Onyszkiewicz </a><a href="welti.htm"> Swiss Defense Ministry Security Policy Director Amb Philippe Welti</a><a href="pascu.htm">Romanian Defense Minister Ioan Pascu </a><a href="chandra.htm">Indian Dep Natl Security Advisor Satish Chandra</a><a href="marschan.htm">Finnish Defense Ministry Special Counselor Nikolai Marschan</a></span></p>
<p align="center" class="style18"><strong>Part 3 </strong></p>
<p class="style18"><span class="style219"><a href="volkman.htm">US Defense Dept Dir for Intl Coop Alfred Volkman</a><a href="dipaola.htm">Italian Sec Gen Defense Adm Giampaolo di Paola </a></span><span class="style209"><span class="style197"><a href="schuwirth.htm">EU Mil Staff Director General Rainer Schuwirth </a></span><span #invalid_attr_id="10px 0px 0px 10px"><span class="style197"><a href="naumann.htm">Fmr German Defense Chief Gen Klaus Naumann </a></span></span></span><span class="style219"><a href="cosentino.htm">Alenia Sr Vice President Carmelo Cosentino</a><a href="trice.htm">Lockheed Martin Sr Vice President Robert Trice </a><a href="ray.htm">Raytheon Europe President Norman Ray</a></span><span class="style219"><a href="dyson.htm">EDventure Chairman Esther Dyson</a></span><span class="style219"><a href="kravchenko.htm">Boeing Russia/CIS Pres Sergey Kravchenko</a></span><span class="style219"><a href="karachinsky.htm">IBS Group President Anatoly Karachinsky</a></span><span class="style219"><a href="doughty.htm">Motorola Vice President John Doughty</a></span><span class="style219"><a href="galitsky.htm">ELVIS+ Founder and CEO Alexander Galitsky</a></span><span class="style219"><a href="lentz.htm">US Assist Sec Defense Office Director of Info Assurance Robert Lentz</a> </span><span class="style219"><a href="coggins.htm">Silicon Graphics Sr Vice President Steve Coggins</a></span><span class="style219"><a href="gante.htm">BDLI President Hans-Joachim Gante</a></span><span class="style217"><a href="sinha.htm">MITRE VP Agam Sinha</a></span></p>
<p align="center" class="style18"><strong>Part 4 </strong></p>
<p class="style18"><span class="style219"><a href="linkevicius.htm">Lithuanian Defense Minister Linas Linkevicius</a></span><span class="style219"><a href="korcok.htm">Slovakian State Secretary of Foreign Affairs Ivan Korcok</a></span><span class="style219"><a href="brodi.htm">Hungarian Dep State Secretary of Foreign Affairs Gabor Brodi</a></span><span class="style219"><a href="hunter.htm">Fmr US Ambassador to NATO Robert Hunter</a></span><span class="style219"><a href="vondra.htm">Czech Dep Foreign Minister Alexandr Vondra</a></span><br>
</p>
</div>
</div>
<div id="content">
<div class="story"><!-- InstanceBeginEditable name="EditRegion1" --><div class="story">
<h1 align="center" class="style196"><span class="style88">Securing the Net: Information Assurance in the United States</span></h1>
<p align="center" class="style196 style89">Mr. Robert Lentz<br>
Director of Information Assurance, Office of the U.S. Assistant Secretary of Defense</p>
<p align="center" class="style16">OPENING REMARKS</p>
<p align="left" class="style87">I am honored and pleased to have the opportunity to tell you about the efforts of the United States Department of Defense to protect and defend our information systems and computer networks. As you all know, the Information Age brings both great opportunities and significant risks. Managing these risks to minimize their effect on the success of our overall mission is essential to achieve revolutions in both military and business affairs. How we will embrace that new interconnected world, however, is the challenge. </p>
<p align="left" class="style87"> The challenge has been visible in both our war fighting and our peacekeeping missions. It has also been visible in our business operations, where our acquisition cycle time has been reduced to 15 months for key information-technology systems and even less for commercial off-the-shelf technologies (COTS). Just look at the breakthroughs in wireless technologies. These new-age capabilities are at the heart of how we will conduct operations-by massing the effects of our highly mobile, widely distributed, self-synchronizing activities when and where desired, what we call netcentricity-to achieve information superiority. </p>
<p align="left" class="style87">To have information superiority, however, we must have interoperability and information assurance. I am going to focus now on this last element, information assurance, or IA, and what it means to us in the Department of Defense (DOD). </p>
<p align="left" class="style87"> To the Department of Defense, IA is synonymous with "securing the net." Our daily operations are conducted under a risk management philosophy-during peacetime, crisis, and war-and we have recognized that there is steadily increasing dependence on a global information environment over which we have little control. This heightens our exposure and vulnerability to a rapidly growing number of increasingly sophisticated internal and external threats. So we have learned to live on the net to achieve information decision superiority; not doing so would be like refusing to fly an airplane for fear of an accident. </p>
<p align="center" class="style16">EVOLVING THE DOD INFORMATION INFRASTRUCTURE</p>
<p align="left" class="style87"> Given the risks and the fact that weakness in any portion of Department of Defense networks is a threat to the operational readiness of all of its military services, the Department is moving aggressively to ensure the continuous availability, integrity, authentication, confidentiality, and non-repudiation of its information as well as the protection of its information infrastructure. Exercises and real-life events clearly demonstrate that DOD-wide improvement in information assurance is an absolute and continuous operational necessity. We can no longer be satisfied with reactive static defenses or after-the-fact solutions. </p>
<p align="center" class="style16">Incorporating New Technologies</p>
<p align="left" class="style87"> As the Department evolves its information infrastructure, it must consider how to continuously infuse new technologies and capabilities to keep pace with the rapid advances in the commercial sector. To that end, the Department is developing partnerships with industry to help us meet DOD's security, operational, and functional needs. Information and, more importantly, attainment of decision superiority demands that all of our mission partners take security seriously and begin to "bake security in" rather than "brush it on" later. We are currently working with major companies to develop IT solutions that are designed with security as an integral part of the technology. We are working with software producers to deliver products with security built in. We have begun to test software as it is developed to measure the security capabilities. In addition, we are partnering with emerging companies to help them define and refine their pre-market products to better address security needs and to exchange information on how the commercial and DOD markets might converge on critical technologies. </p>
<p align="center" class="style16 style89">Working with R&D Efforts and the Scientific Community</p>
<p align="left" class="style87"> Another key aspect to keeping pace with technology advances is to effectively influence the research and development, academic, and science and technology communities. The Department is actively working with each of these entities by identifying the "hard problems" and challenging them to bring to the table solutions that are scalable and can be implemented. </p>
<p align="left" class="style87"> We can no longer be satisfied with reactive or after-the-fact solutions. While we must continue to address our vulnerabilities to minimize our risks, it will take a concerted effort to raise the security awareness of everyone and to demand products with security as a core component. We all share risk in this "network-centric" world; it is up to us to ensure our mutual safety and protection as we move forward. </p>
<p align="center" class="style16">Pursuing the Defense-in-Depth Strategy</p>
<p align="left" class="style87"> Achieving information superiority requires a coherent strategy. We call this strategy Defense-in-Depth, in which layers of defense are used to achieve balanced, overall information assurance. The strategy recognizes that no single security element or security component can provide adequate assurance. It is based on layered security solutions that allow us to maximize the use of commercial off-the-shelf technology. The fundamental principle is that we need layers of protection to establish an adequate security posture. </p>
<p align="left" class="style87"> Enclaves, for example, require a strong perimeter to guard against malicious outsiders. Within each enclave, protection is also needed against malicious insiders who have penetrated the perimeter. This concept is relevant whether it is used to protect against potential adversaries gaining access over the Internet or enforcing community-of-interest or need-to-know isolation within an otherwise protected intranet. </p>
<p align="center" class="style16">Advancing Intrusion Detection</p>
<p align="left" class="style87"> In the area of intrusion detection, we are greatly accelerating the development of technologies to detect and respond to cyberattacks against critical infrastructures. Current intrusion-detection techniques are extremely limited in their ability to identify attacks, particularly large-scale attacks against multiple points in the infrastructure, such as Distributed Denial Of Service (DDOS) attacks against Internet service providers and e-commerce companies. We have been conducting research into a broad variety of concepts that offer the potential to identify the most sophisticated kinds of cyberattacks, analyze the attack method and source(s), and institute protective measures in near real time. </p>
<p align="left" class="style87"> Within the DOD, we have established detailed procedures for coordinating all cyberevents. The Joint Task Force-Computer Network Operations (JTF-CNO) is our focal point for dealing with cyberthreats, and it has the authority to coordinate and direct the defense of the department's computer systems and networks-a mission we entitle Computer Network Defense. </p>
<p align="left" class="style87"> We also are dependent on the International Common Criteria guidelines, which provide a standard methodology for evaluating software products and uncovering vulnerabilities critical to the protection of our networks and computer systems. We realize that the Department of Defense is not an island! There is tremendous pressure to bring more information services to our military customers, and vendors are eager to meet these needs. The challenge we face is that software solutions often are riddled with security problems for the IA specialist to solve. As emphasized earlier, we need to encourage developers to deliver information assurance-enabled products on the front end with a business model that provides a reasonable return on investment. </p>
<p align="center" class="style16">PARTNERING WITH LAW ENFORCEMENT AND INTERNATIONAL ORGANIZATIONS</p>
<p align="left" class="style87"> The success of the IA framework also depends upon law enforcement's ability to deter future cyberattacks through the successful prosecution of cybercriminals. The international nature of cybercrime, however, impedes law-enforcement efforts. Since a perpetrator may launch an attack from anywhere in the world or route an attack through many countries, international cooperation is necessary for tracing communications back to their source, securing electronic evidence, and extraditing fugitives. The difficulty in apprehending the perpetrator of the "I Love You" virus demonstrates the problems faced by law enforcement: because the actions of the perpetrator did not constitute a crime in the Philippines, the Philippine government did not prosecute or extradite the virus creator. </p>
<p align="left" class="style87"> The Council of Europe Cybercrime Convention removes such obstacles in three ways: by (1) requiring signatory countries to establish certain substantive offenses in the area of computer crime; (2) requiring parties to adopt domestic procedural laws to investigate computer crimes; and (3) providing a basis for international law-enforcement cooperation. We urge all nations to adopt such a framework for effective international assistance so that we may promptly respond to cybercrime. </p>
<p align="left" class="style87"> Regarding both the domestic and international fronts, President Bush recently signed the United States "National Strategy to Secure Cyberspace." The objectives of this strategy are to prevent cyberattacks against America's critical infrastructures, reduce our nation's vulnerability to cyberattacks, and minimize damage and recovery time when cyberattacks do occur. To accomplish these objectives, several critical priorities were established. The first is to establish a National Cyberspace Security Response System. Next, the nation will develop a National Cyberspace Security Threat and Vulnerability Reduction Program. To enhance the first two priorities, a program will be developed and executed to provide the nation with cyberspace security and awareness. The final two priorities call for securing the government's cyberspace, an objective DOD has focused on for many years. Finally, there will be an effort to enhance cooperation in the national security and international cyberspace security arenas. </p>
<p align="left" class="style87"> This U.S. international effort is supported by several other objectives. These include: </p>
<ul class="style87">
<li> To facilitate a dialogue between government and industry representatives and foreign public and private sectors on global information-infrastructure protection. </li>
<li>To encourage other nations to develop cyberwatch and cyberwarning capabilities to better inform government agencies, the public, and other countries of impending attacks or viruses. </li>
<li>To encourage regional organizations such as APEC, the EU, and the OAS to address cybersecurity issues. </li>
<li>To facilitate technology sharing-today more bilateral. </li>
<li>And to establish an international network capable of receiving, assessing, and disseminating cybersecurity-related information globally; we in DOD will continue to contribute to the execution of this national strategy and are engaging with allied and coalition partners to enhance the global cybersecurity effort. </li>
</ul>
<p align="center" class="style16">TRAINING AND WORKING WITH IT/IA PROFESSIONALS</p>
<p align="left" class="style87"> Finally, we continue to work on the most critical component of protecting the Department of Defense's information resources against modern-day cyberattacks: attracting and maintaining a corps of appropriately trained and experienced IT professionals. We have put a great deal of effort into resolving problems and issues in work-force management and information-technology information assurance education, training, and certification. We must leverage the power of the people! </p>
<p align="left" class="style87"> We are also implementing changes in the way the Department manages its IT work force and are establishing training standards and certification requirements for key IT/IA personnel. Our ability to recruit and retain highly qualified information-assurance specialists is critical to achieving the Department's goal of information superiority. </p>
<p align="center" class="style16">CONCLUDING REMARKS</p>
<p align="left" class="style87"> If we are to defend the infrastructures that allow our information processes to work effectively, we must remain constantly vigilant over our networks, which includes having skilled people and technology working together. Substantial IA progress has been made, but it is a journey, not a destination. As new technology is created, new kinds of attacks will be developed; new countermeasures will need to be adopted. </p>
<p align="left" class="style87"> There is much more that must be done to achieve information superiority, but the good news is that our leaders, from the President to our Secretary of Defense, are emphatic that IA is a core element of defense transformation and homeland security. If we expect to "secure the net," IA must not be a slogan but a major focus of investment and an operational priority. </p>
<p><br>
</p>
</div>
<!-- InstanceEndEditable --></div>
<div class="story">
<table width="100%" cellpadding="0" cellspacing="0" summary="">
<tr valign="top">
<td class="storyLeft"> <p>
</p></td>
</tr>
</table>
</div>
</div>
<!--end content -->
<div class="style8" id="siteInfo"> <a href="#">Top of page </a> | <a href="../index.html">Home</a> | ©2003
Center for Strategic Decision Research</div>
</div>
<!--end pagecell1-->
<br>
<script type="text/javascript">
<!--
var menuitem1 = new menu(7,1,"hidden");
var menuitem2 = new menu(7,2,"hidden");
var menuitem3 = new menu(7,3,"hidden");
var menuitem4 = new menu(7,4,"hidden");
var menuitem5 = new menu(7,5,"hidden");
var menuitem6 = new menu(7,6,"hidden");
var menuitem7 = new menu(7,7,"hidden");
// -->
</script>
</body>
<!-- InstanceEnd --></html>