Last week, William Lynn, deputy US defense secretary, unveiled the latest strategy to strengthen cyber capabilities to address the threats the US faces.
He outlined five pillars of the strategy that include treating cyberspace as an operational domain to organise, train, and equip to take advantage of cyberspace's potential; partnering with other departments in the US government and the private sector; and building international partners to strengthen collective cybersecurity.
"The high point of the strategy, in terms of impact on the nation's ability to protect its networks and systems, is the fifth pillar," said Alan Paller, director of research at the SANS Institute.
The fifth pillar of the strategy commits the US department of defense (DoD) to using "the nation's ingenuity through an exceptional workforce and rapid technological innovation".
Part of the impact of the initiative comes from the promise of innovative recruiting and training activities, said Paller, but the larger part comes from the promise of deployment of the federal procurement infrastructure or supply chain to provide incentives to vendors to build safer and more defensible systems and software.
"Procurement is the only major leverage the nation has - its $75bn IT expenditure. Leveraging that to persuade companies to deliver safer systems is the big step forward. However, the procurement Initiative works only for future systems that are touched by the procurement process," he said.
Another, almost equally valuable element, according to Paller, is in the second pillar of the strategy, which commits the DoD to new defence operating concepts, especially good "cyber hygiene" of safe practices along with more advanced "active defense" enabled by consolidating the DoD's collective cyberdefense capabilities under a single roof and by linking them with the signals intelligence needed to anticipate intrusions and attacks.
"This is the first time the nation has fully and publicly committed to continuous monitoring and active defense that will allow the federal government to raise the bar in securing existing systems. In sum, very well done," said Paller.
This story was first published by Computer Weekly