Lynn: DoD focused on cybersecurity, auditability

Monday - 10/3/2011, 6:06pm EDT

William J. Lynn, III, deputy defense secretary

Download mp3

By Jolie Lee
Federal News Radio

William J. Lynn, III, the outgoing deputy defense secretary, said the biggest change at the Defense Department during his tenure was the increased focus on cybersecurity.

DoD has stood up a Cyber Command, treating cybersecurity as an "operational domain," on par with land, sea, air and space.

However, Lynn pointed out, a network can never be completely defensible — a lesson the Pentagon learned from a 2008 high-profile hack of the department's network known as "Operation Buckshot Yankee."

"The strategy you have to undertake is not to seek a perfect defense but to increase dramatically the cost for the attacker so ultimately they look elsewhere instead of trying to attack you," Lynn said in an interview with In Depth with Francis Rose.

The next step is to extend the level of security at DoD to other government networks, Lynn said.

"Ultimately, we need to develop a public-private partnership to defend our most important critical infrastructure networks," he said.

2017 is 'aggressive' deadline for auditability'

Lynn was DoD's comptroller from 1997 to 2001 and returned to the department as deputy secretary in 2009. President Obama has nominated Ashton Carter to replace Lynn.

Asked if DoD can be auditable in time, Lynn said, "I think it's very aggressive but we have a plan to make it."

Skepticism that DoD can make this goal is "certainly well-rooted," he said.

DoD is a "massive enterprise" that must coordinate its money flow with different systems.

Lynn said a strong indication of progress would be if, in the next couple of years, DoD has statements of budgetary resources that are auditable.

Supporting veterans

Support to wounded warriors is an area Lynn wants to see more improvement, specifically in cutting down the time for disability evaluations.

Currently, it takes about 400 days to make those evaluations.

"We need to get it down to under 200 days," Lynn said.

This story is part of Federal News Radio's daily Cybersecurity Update. For more cybersecurity news, click here.