Cyberwar: Pentagon Takes On Cyber Enemies, Other Agencies
(click to view full)
In response to the growing threats to US military and civilian networks, the Pentagon has unveiling its first formal cyber strategy.
This follows a series of events over the last few years that have escalated cyber attacks against networks and infrastructure to warlike events. For example, an unidentified foreign national penetrated the internal networks of the Department of Defense (DoD) with an infected thumbdrive in 2008. In 2009, a virus known as Stuxnet, suspected of being the product of Israeli-US government collaboration, shutdown an Iranian nuclear power plant. And in 2011, defense contractor Lockheed Martin suffered a major cyber attack that was suspected of being carried out by the Chinese government.
While the Pentagon has struggled to combat these threats, it has also had to fight some within its own ranks, as well as other agencies, for authority in cyberspace. This article focuses on the growing cyber threat to US military and civilian infrastructure and the efforts being made by the Pentagon to deal with these threats.
Stuxnet and Beyond
Iranian nuclear facilities
(click to view full)
A major turning point in cyberwar came with the launch of the Stuxnet worm against an Iranian nuclear facility. Stuxnet was the first malware to specifically target control systems that operate industrial facilities, such as nuclear power plants.
In late 2009, Iran decommissioned and replaced 1,000 IR-I centrifuges at its nuclear fuel enrichment plant at Natanz. Iranian President Mahmoud Ahmadinejad later confirmed that the Stuxnet worm was the cause of the shutdown of the centrifuges.
US security firm Symantec reversed engineered the worm’s code and wrote a detailed white paper [PDF] on its operation. Symantec found traces of more than 30 programmers in the Stuxnet worm source code.
The white paper said that Stuxnet targeted industrial control systems known as supervisory control and data acquisition (SCADA) systems. The ultimate goal of Stuxnet was to sabotage that Iranian facility by reprogramming the SCADA systems’ programmable logic controllers (PLCs) to operate outside their specified boundaries.
A report on the Stuxnet worm by the Institute for Science and International Security (ISIS) said that, “Although mechanical failures or operational problems have often been discussed as causing problems in the IR-1 centrifuges, the crashing of such a large number of centrifuges over a relatively short period of time could have resulted from an infection of the Stuxnet malware.”
A January 2011 report by the New York Times claimed that Stuxnet was an Israeli-US project developed at the highly secretive Israeli Dimona complex in the Negev desert. Citing US and European experts, the article judged that US and Israel researchers developed the worm at the facility and tested it on nuclear centrifuges identical to centrifuges at Iran’s Natanz nuclear facility.
Although Stuxnet appears to have been developed to attack Iranian nuclear facilities, it has spread far beyond its intended target. The Stuxnet malware is able to be used against industrial facilities in Western countries, including the US, the Symantec researchers concluded.
“While Stuxnet is a targeted threat, the use of a variety of propagation techniques… has meant that Stuxnet has spread beyond the initial target. These additional infections are likely to be ‘collateral damage’ – unintentional side-effects of the promiscuous initial propagation methodology utilized by Stuxnet. While infection rates will likely drop as users patch their computers against the vulnerabilities used for propagation, worms of this nature typically continue to be able to propagate via unsecured and unpatched computers.”
What does the future hold for Stuxnet-like worms that attack critical infrastructure, particular infrastructure run by SCADA systems?
Taking down a SCADA system only requires a network connection, a way to route packets to the PLC, and a way to bypass traffic filters, warned Avishai Wool, chief technology officer with AlgoSec.
Wool said that most industrial control systems use antiquated protocols that were designed before the systems were hooked up to integrated communications networks. Should an attacker gain access to a vulnerable network, the attackers could use network links to manipulate the PLC and possibly destroy the infrastructure.
While Stuxnet was sophisticated, its delivery mechanism, a USB drive, was old school, Wool noted. Cyber attacks using vulnerable networks, rather then worms planted in USB drives, could be the next stage of the war against critical infrastructure, he warned.
The China Connection
Source: USCC
(click to view full)
While the US and Israel were cited as possible sources of the Stuxnet worm, China has been accused of being the source of many high profile cyber attacks against major US and European companies and government networks.
For example, China has been fingered as being behind the 2011 hack of RSA’s SecurID database and the defense contractors that depend on the SecureID token for secure remote access by employees, according to security analysts.
The RSA breach was carried out using an advanced persistent threat (APT), and China is known for using the APT attack method, Rich Mogull, chief executive of Securosis, told CNet. “APT is a euphemism for China. There is a massive espionage campaign being waged by [that] country. It’s been going on for years, and it’s going to continue,” Mogull warned.
RSA admitted that the security breach at Lockheed Martin was the result of information taken from the SecureID database. In addition, cyber attacks on L-3 Communications and Northrop Grumman appear to have been the result of the RSA breach.
China had earlier been named as the source of the 2009 Operation Aurora attack that exploited a zero-day flaw in Internet Explorer to penetrate Google’s networks. Google said that the attackers stole intellectual property from the company and also targeted 20 other US companies.
China was also suspected of being behind the 2009 Night Dragon attacks on oil, gas, and energy companies. Chinese hackers stole sensitive intellectual property from these companies as well. A white paper by US security vendor McAfee found:
“Starting in November 2009, coordinated covert and targeted cyberattacks have been conducted against global oil, energy, and petrochemical companies. These attacks have involved social engineering, spear-phishing attacks, exploitation of Microsoft Windows operating systems vulnerabilities, Microsoft Active Directory compromises, and the use of remote administration tools (RATs) in targeting and harvesting sensitive competitive proprietary operations and project-financing information with regard to oil and gas field bids and operations. We have identified the tools, techniques, and network activities used in these continuing attacks — which we have dubbed Night Dragon — as originating primarily in China.”
In a report on China cyberwar activities [PDF], the US-China Economic and Security Review Commission (USCC) concluded that the Chinese People’s Liberation Army (PLA) is developing advanced cyber warfare capabilities.
“Increasingly, Chinese military strategists have come to view information dominance as the precursor for overall success in a conflict. The growing importance of [information warfare] to China’s People’s Liberation Army (PLA) is also driving it to develop more comprehensive computer network exploitation (CNE) techniques to support strategic intelligence collection objectives and to lay the foundation for success in potential future conflicts.”
The PLA has created special computer network attack and exploitation units using civilian as well as military personnel, the report noted. These units are engaged in a long-term, sophisticated computer network exploitation campaign against Western targets.
“The US information targeted to date could potentially benefit a nation-state defense industry, space program, selected civilian high technology industries, foreign policymakers interested in US leadership thinking on key China issues, and foreign military planners building an intelligence picture of US defense networks, logistics, and related military capabilities that could be exploited during a crisis.”
In its 2010 report to Congress [PDF], the USCC charged that state-owned China Telecom diverted internet traffic from the US and other nations for about 18 minutes on April 8/10 by publishing incorrect routing information that diverted data through Chinese servers.
The USCC said China Telecom actions caused other servers around the world to route all traffic to about 15% of the internet’s destinations through servers in China.
“This incident affected traffic to and from US government (.gov) and military (.mil) sites, including those for the Senate, the army, the navy, the marine corps, the air force, the office of secretary of defense, the National Aeronautics and Space Administration, the Department of Commerce, the National Oceanic and Atmospheric Administration, and many others,” the report said. It added that the commercial websites for Dell, Yahoo, Microsoft, and IBM were also affected.
Richard Clarke, a national security official in three US administrations, warned in a June 15/11 Wall Street Journal op-ed that the US administration is ignoring the growing threat from Chinese cyber attacks.
“Senior U.S. officials know well that the government of China is systematically attacking the computer networks of the U.S. government and American corporations. Beijing is successfully stealing research and development, software source code, manufacturing know-how and government plans. In a global competition among knowledge-based economies, Chinese cyberoperations are eroding America’s advantage.”
Clarke said that the administration is failing in its responsibility to protect US infrastructure from the “daily cyberwar” that China is conducting against the United States.
The Best Defense is Offense
down your smokestacks?
(click to view full)
To counter these growing threat, the Pentagon has developed its first cyber strategy. The unclassified version of the cyber strategy, unveiled in July 2011, is a superficial discussion of the DoD’s cyberspace strategy.
In releasing the strategy, Deputy Defense Secretary William Lynn admitted that “terabytes of data have been extracted by foreign intruders from corporate networks of defense companies. In a single intrusion this March, 24,000 files were taken.”
The stolen data range from specifications for small parts on tanks, airplanes and submarines to aircraft avionics, surveillance technologies, satellite communications systems and network security protocols, he added.
The cyber strategy identified five initiatives that the Pentagon is taking to thwart attacks in cyberspace:
- treat cyberspace as an operational domain to organize, train, and equip so that DoD can take full advantage of cyberspace’s potential;
- employ new defense operating concepts to protect DoD networks and systems;
- partner with other US government departments and agencies and with the private sector to enable a “whole-of-government” cybersecurity strategy;
- build relationships with US allies and international partners to strengthen collective cybersecurity; and
- leverage US expertise through promotion of a cyber workforce and technological innovation.
The unclassified version did not contain the more provocative provisions identified in a May 31/11 Wall Street Journal article, in which US military officials were cited as sources.
According to the article, the Pentagon cyber strategy would classify a major cyber attack against US infrastructure as an act of war that could trigger a conventional military response. As one Pentagon official put it, “If you shut down our power grid, maybe we will put a missile down one of your smokestacks.”
According to the WSJ sources, the Pentagon is developing the concept of “equivalence” to decide when a cyber attack would trigger a conventional response. If a cyber attack results in death, damage, or a high-level of disruption that a conventional military attack would cause, then it could be grounds for a conventional response.
To counter the impression that the cyber strategy was a provocative document, Lynn went so far as to say in releasing the document that attacks in cyberspace are hard to trace to the source, which makes retaliation an ineffective strategy. At the same time, he left the door open for an unspecified response to a major cyber attack. “The United States reserves the right, under the laws of armed conflict, to respond to serious cyber attacks with a proportional and justified military response at the time and place of its choosing.”
The cyber strategy includes details of how offensive cyber operations are being designed to protect DoD networks and systems. The Pentagon is working on an active cyber defense capability based on discovering, analyzing, and countering cyber threats and vulnerabilities by employing sensors, software, and network intelligence.
While not discussed in the unclassified cyber strategy, the use of cyberwar capabilities in conducting military operations is part of the US Cyber Command’s mission.
Cyber Command has the mission to “counter cyberspace threats and assure access to cyberspace” as well as “support the armed services’ ability to confidently conduct high-tempo, effective operations as well as protect command and control systems, and the cyberspace infrastructure supporting weapons system platforms from disruptions, intrusions, and attacks.”
There has been some confusion over exactly what the Cyber Command’s roles and responsibilities would be in cyber operations. In a May 2011 report, the Government Accountability Office (GAO) criticized the DoD for not being more specific about the Cyber Command’s roles and responsibilities in conducting cyberwar operations, particularly the role of civilians in such operations; the command and control relationships with the military commanders; and the mission requirements and capabilities to organize, train, and equip a cyber force. GAO was particular critical of the lack of specificity in the command’s Concept of Operations released in November 2010.
“[G]reater specificity is needed as to the categories of personnel that can conduct various types of cyberspace operations in order for the military services to organize, train, and equip cyber forces…Service officials indicated that DoD guidance was insufficient to determine precisely what civilian activities are permissible for certain cyber activities, that DoD is still reviewing the appropriate roles for government civilians in this domain, and that the military services may be constrained by limits on their total number of uniformed personnel, among other things. Without the specific guidance, the services may in the future have difficulty in meeting personnel needs for certain types of cyber forces.”
The services were also concerned about the lack of direction from Cyber Command about the command and control relationships between the command and regional military commanders, particularly if cyberwar operations are carried out on a global basis.
“Without a clear and specific command and control relationship model, however, the services are unclear as to how, to whom, and in what form they will be required to present forces for cyberspace operations. The military services do not know whether they will be required to present trained individuals or complete mission-capable units, and they do not know if those individuals or units will be presented to U.S. Cyber Command or to regional organizations under the control of the geographic combatant commands.”
To provide more direction to the Pentagon, President Obama signed in June 2011 executive orders that describe the rules of engagement for US military commanders in carrying out cyberattacks and other computer-based operations against other countries, according to a report by the Associated Press.
The orders provide guidelines as to when military commanders must seek presidential approval for cyberattacks on enemies, the report noted, citing defense officials and cybersecurity experts.
The new White House guidelines would allow the military to transmit computer code to another country’s network to test the route and make sure connections work in preparation for an actual assault. The guidelines also provide conditions under which the US military can respond to a cyber attack by blocking cyber intrusions and taking down servers in other countries.
Attribution: The Devil’s in the Details
(click to view larger)
Even after the US military determines that an attacked caused damage equivalent to a conventional attack, determining that a government was responsible for the attack may be problematic. For example, the Chinese government has denied involvement in any of the cyber attacks traced to China.
Commenting on the Pentagon’s strategy as reported by the WSJ, David Nicol, director of the Information Trust Institute at the University of Illinois at Urbana-Champaign, told Scientific American:
“Right now, with the infrastructure that we have it’s very difficult using purely technological means to trace the source of some kind of attack. You can’t just look at the connection between one computer and another because cyberattackers use multiple levels of cutout servers that make it difficult to determine where data is being sent. These computers that do the cutoffs are in foreign countries so there’s little recourse in terms of requesting log files from those computers.”
As Robert Hahn, director of economics at Oxford University’s Smith School, and Peter Passell, senior fellow at the Milken Institute in San Monica, commented in a June 4/11 op-ed in Forbes magazine:
“The source of a nuclear weapon can be traced relatively easily from the radioactive signature of the fissile material. But sophisticated hackers have a good shot at completing attacks without leaving fingerprints. And if you don’t know who did it, the threat of retaliation isn’t much of a deterrent.”
As an example of the attribution problem, researchers at McAfee confessed that they had “no direct evidence to name the originator” of the Night Dragon attacks on US oil, gas, and energy infrastructure but rather relied on “circumstantial evidence.”
“While we believe many actors have participated in these attacks, we have been able to identify one individual who has provided the crucial [command and control] infrastructure to the attackers — this individual is based in Heze City, Shandong Province, China. Although we don’t believe this individual is the mastermind behind these attacks, it is likely this person is aware or has information that can help identify at least some of the individuals, groups, or organizations responsible for these intrusions.
Beyond the curious use of the ‘zw.china’ password that unlocks the operation of the zwShell [command and control] Trojan, McAfee has determined that all of the identified data exfiltration activity occurred from Beijing-based IP addresses and operated inside the victim companies weekdays from 9:00 a.m. to 5:00 p.m. Beijing time, which also suggests that the involved individuals were ‘company men’ working on a regular job, rather than freelance or unprofessional hackers. In addition, the attackers employed hacking tools of Chinese origin and that are prevalent on Chinese underground hacking forums.”
So researchers from a leading US information security firm were only able to obtain circumstantial evidence that the attackers were Chinese “company men” working for an organization on a regular time schedule. This would hardly constitute sufficient evidence to support retaliation against the Chinese government, even if the damage done to the US energy infrastructure was severe. The problem of attribution would only be compounded if the perpetrators were non-state actors, such as Al-Qaeda.
Cyber Turf Wars
The Pentagon has not been unchallenged in its efforts to assert its authority in cyberspace. It has faced push back within its own ranks, from the Air Force in particular, and from other federal agencies, most notably the Department of Homeland Security.
The Air Force made an early grab to be the dominant force in cyberwarfare capability, asserting its authority over the cyberspace domain back in 2005. The Air Force then pushed to set up an 8,000-man strong cyber command to be called the Air Force Cyber Command (AFCYBER).
However, after a shakeup in the top levels of the Air Force in 2008, in which both the Air Force secretary and chief of staff stepped down, the service decided to suspend its efforts to set up the command. An internal Air Force memo dated Aug 11/08 obtained by Nextgov said that “transfers of manpower and resources, including activation and reassignment of units, shall be halted.”
The delay was ostensibly instituted to give the new chief of staff, Gen. Norton Schwartz, time to make a final decision on the scope and mission of the command. But service sources told Nextgov the decision was in response to fierce opposition from both the Army and the Navy, which were both developing expertise in cyber operations.
In fact, the Air Force never did set up the Air Force Cyber Command. Instead, responsibilities for the cyberspace mission were transferred to the 24th Air Force, which was set up in 2009 [PDF] under the Air Force Space Command. Its designation was official changed from Air Forces Strategic to Air Forces Cyber in 2010.
The 24th Air Force is now the service’s component of the US Cyber Command, along with the Army Forces Cyber Command, the Fleet Cyber Command, and the Marine Forces Cyber Command.
In addition, DHS, which has cybersecurity authority over civilian federal government networks, has pushed back on the Pentagon’s efforts to expand its cyberwarfare authority over US critical infrastructure, which is primarily privately owned.
DHS Secretary Janet Napolitano made clear in a December 2010 speech that she considers defending US critical infrastructure to be her domain, not the market’s or the military’s:
“Now, there are some who say that cybersecurity should be left to the market. The market will take care of it, and there are some who characterize the Internet as a battlefield on which we are fighting a war. So it’s the market or the war. Those are the two analogies that you hear. Not surprisingly, I take a different position. In my view, cyberspace is fundamentally a civilian space, and government has a role to help protect it, in partnership with responsible partners across the economy and across the globe.”
At the same time, DHS and the Pentagon have agreed to cooperate on the defense of critical infrastructure. In October 2010, the two sides signed a memorandum of understanding [PDF] to expand cooperation on securing US critical cyber-based infrastructure.
As part of the agreement, DHS is permitting Pentagon cyber analysts to work at DHS’s National Cybersecurity and Communications Integration Center (NCCIC), which provides an integrated incident response facility to mitigate cyber risks that could disrupt or degrade critical information technology functions and services.
The center combines the work of US Computer Emergency Readiness Team (US-CERT), which leads a public-private partnership to defend US cyber infrastructure; the National Coordinating Center for Telecommunications (NCC), the operational arm of the National Communications System; and the National Cybersecurity Center (NCSC), which coordinates operations among the six largest federal cyber centers, the DHS Office of Intelligence and Analysis, and private sector partners.
The Federal Bureau of Investigation (FBI), too, has asserted its authority in cyberspace. The top law enforcement agency said it was increasing its focus on combating cyber intrusions at US companies.
“We will increasingly put emphasis on addressing cyber threats in all of their variations,” FBI Director Robert Mueller told a Senate panel in June 2011. “The personnel in the bureau have the equipment, the capability, the skill, the experience to address those threats.”
However, the Justice Department’s Inspector General (IG) does not agree with Mueller’s assessment. In an April 2011 report [PDF], the IG said that many FBI field offices do not have the training, skills, and support to investigate cyber attacks.
The audit found that 36% of the FBI’s cybersquad agents interviewed “reported that they lacked the networking and counterintelligence expertise to investigate national security [computer] intrusion cases.” Five of the agents told investigators “they did not think they were able or qualified” to investigate such cases, the audit said.
The audit attributed the agents’ lack to cyber skills in part to the FBI’s rotation policy, in which agents are transferred among field offices without assessment of their cyber skills. As a result, a cyber agent may be transferred to a field office and perform work not related to his or her expertise. And the agent replacing the cyber agent may have no special cyber knowledge or training.
So the DoD has lots of competition from other agencies in its efforts to assert cyber authority over the private sector and US critical infrastructure.
Integration Efforts
November 8/11: Defense Advanced Research Projects Agency (DARPA) now runs several programs meant to support the DoD through lightweight, targeted research, including:
- Cyber Fast Track: Program Manager: Peiter Zatko
- Foundational Cyberwarfare, Program Manager: Daniel Roelker
- Cyber Genome, Program Manager: Timothy Fraser
- Beyond Passwords, Program Manager: Richard Guidorizzi
- Protecting UAVs from hacks.
August 16/11: Deputy Defense Secretary William J. Lynn III addressed the sort of territorial and coordination issues raised above at the DISA’s Customer and Industry Forum in Baltimore. Currently halfway through its 90-day course, the Defense Industrial Base (DIB) Cyber Pilot involves DoD, Homeland Security, and 20 companies that operate DOD networks. When the pilot was first announced back in June, the Washington Post listed AT&T, Verizon and CenturyLink as the involved Internet Service Providers (ISPs), while Lockheed Martin, SAIC, CSC and Northrop Grumman are among the defense contractors.
Threat signature information is shared by U.S. Cyber Command and NSA members with the participating companies, whose number is going to be increased. Lynn said the pilot “is intended to demonstrate that we can utilize this public-private partnership to protect critical infrastructure networks” with other government agencies in mind for possible replication of this dual model. USAF release.
Future War
(click to view full)
So what does the future hold in cyberspace? It seems that the Pentagon is finally taking the threats of cyber attack seriously. Offensive cyber operations will be a part of the US arsenal, whether as a response to a cyber attack by an adversary or as a component of a military strategy to defeat an enemy in the physical and cyber realms.
As noted above, worms like Stuxnet are likely to proliferate in the coming years, targeting critical infrastructure of industrialized economies. Countries like China can be counted on to develop sophisticated cyber attack methods in an effort to level the strategic playing field with the US.
Perhaps the most enduring question coming out of the Pentagon’s new cyber strategy is: Will the US military use conventional military power to respond to a major cyber attack on US infrastructure. If a country or non-state group succeeds in crippling the US energy grid, for example, will the US military put a missile down the smokestacks of the perpetrator. Can the perpetrator even be identified with enough confidence to provide justification for an attack?
These are questions that will need to be answered as the Pentagon refines its strategy. Two things are certain, however. First, cyber attacks against US military, government, and industrial targets will increase in number and severity. And second, the Pentagon will need robust cyberwar capabilities to defend the US in the 21st century.
Selected Contacts as of June 2011
- Larry Burger, US Army’s Future Warfare Center, tel: 256-955-3887, email larry.burger @ smdc.army.mil
- Dan Kuehl, Information Resources Management College, National Defense University, tel: 202-685-2257, email: kuehld @ ndu.edu
- Lt Gen Robert E. Schmidle Jr., deputy commander, US Cyber Command, email robert.schmidle @ usmc.mil
- Col Robert J. Skinner, Commander, USAF 688th Information Operations Wing, tel: 210-925-4425.
- Col. Glenn Zimmerman, DoD Cyber Space Task Force, tel: 703-697-2807, email: Glenn.Zimmerman-02 @ pentagon.af.mil
Additional Reading
- Reuters (November 7/11) – U.S. says will boost its cyber arsenal
- DoD (July 14/11) – Department of Defense Strategy for Operating in Cyberspace
- DID (June 2011) – DoD Cybersecurity Spending: Where’s the Beef?
- Associated Press (June 23/11) – Obama signs rules of engagement for cyberattacks on enemies
- Wall Street Journal (June 15/11) – China’s Cyberassault on America (Op-ed by Richard Clarke)
- Scientific American (June 13/11) – The Fog of Cyberwar: What Are the Rules of Engagement?
- Nature (June 8/11) – Computer security: Is this the start of cyberwarfare?
- Bloomberg (June 8/11) – FBI Will Increase Efforts to Battle Computer Hacking, Mueller Testifies
- Forbes (June 4/11) – Cyberwar with China? More Likely, the Enemy Will Be Anonymous
- Center for a New American Security Conference (June 2/11) – Cyber Security in the Information Age (C-SPAN video)
- C-SPAN/Washington Journal (June 1/11) – US Response to Cyber Attacks – Interview with Daniel Gallington of the Potomac Institute for Policy Studies
- The Guardian (June 1/11) – Google phishing: Chinese Gmail attack raises cyberwar tensions
- Air Force Magazine (June 2011) – Cyber Futures
- Wall Street Journal (May 31/11) – Cyber Combat: An Act of War
- Bloomberg (May 29/11) – U.S. Offers Lockheed Help After ‘Tenacious’ Cyber Attack
- GAO (May 20/11) – Defense Department Cyber Efforts: More Detailed Guidance Needed to Ensure Military Services Develop Appropriate Cyberspace Capabilities
- Survival (February-March 2011) – Stuxnet and the Future of Cyber War
- CSO (Feb 16/11) – DoD: Military Must be Capable Within ‘Cyber’ Domain
- The New York Times (Jan 15/11) – Israeli Test on Worm Called Crucial in Iran Nuclear Delay
- Institute for Science and International Security (Dec 22/10) – Did Stuxnet Take Out 1,000 Centrifuges at the Natanz Enrichment Plant? Preliminary Assessment
- Air Force (Dec 8/10) – 24th Air Force Becomes AFCYBER
- The Atlantic (Nov 4/10) – The Stuxnet Worm? More Than 30 People Built It
- House Armed Services Committee (Sept 23/10) – Operating in the Digital Domain: Organizing the Military Departments for Cyber Operations (Testimony of Maj Gen Richard E. Webber, Commander of the 24th Air Force
- Foreign Affairs (September/October 2010) – Defending a New Domain: The Pentagon’s Cyberstrategy (authored by William Lynn, US deputy secretary of defense)
- InformationWeek (Aug 25/10) – Pentagon Confirms Flash Drive Breached Military Network
- The Sunday Times (March 8/10) – Cyberwar declared as China hunts for the West’s intelligence secrets
- Air & Space Power Journal (Fall 2009) – Cyberspace Leadership: Towards New Culture, Conduct, and Capabilities
- Wired (Aug 18/09) – Air Force Establishes ‘Reduced’ Cyber-War Command
- Reuters (Aug 4/09) – White House still seeking cybersecurity
- Air & Space Power Journal (Fall 2008) – Redefining Air, Space, and Cyber Power
- Arts Technica (2008) – “Black Hat” is the new “Jarhead” for cyber warfare
- Signal magazine (August 2007) – Cyberspace Command Logs In
- Air & Space Power Journal (Spring 2007) – Dominant Air, Space, and Cyberspace Operations
- Space War (Oct 9/06) – US Air Force Prepares for Cyber Warfare
