Cyberspace:
A Fragile Ecosystem
Robert F. Lentz
Deputy Assistant Secretary of Defense
Cyber, Identity and Information Assurance
Unclassified//FOUO
1
UNCLASSIFIED
Dependence on Cyberspace
UNCLASSIFIED
Unclassified//FOUO
2
Looking Ahead . . . Looking Back
Waves of IT Industry Growth in the Information Age
10000
Grosch’s
Law
Moore’s
Law
Metcalf’s
Law
Number
of
Users
(Millions)
Network ‐
Centric
1000
Law
of
Transforma4on
Content ‐
Centric
PC‐Centric
100
Systems ‐
Centric
10
1
1970
1980
1990
2000
2010
Source:
David
Moschella,
“Waves
of
Power”,
1997
Unclassified//FOUO
2020
2030
Looking Ahead . . . Looking Back
(alternate story)
Unclassified//FOUO
4
Paradigm Shift
Unclassified//FOUO
UNCLASSIFIED
Are you a Starfish or a Spider?
 Starfish
 Peered
 Adaptive
 Resilient
 Spider
 Hierarchical
 Resists Change
 Fragile
UNCLASSIFIED
Unclassified//FOUO
6
Cyber Risk Management
Cyber
Time & Environment
Information
Content & Services
Identity
Individuals, Organizations,
Equipment
Unclassified//FOUO
UNCLASSIFIED
Vignette: The Recapture of Fallujah
UNCLASSIFIED
Unclassified//FOUO
8
UNCLASSIFIED
Vignette: World War II Cryptography
UNCLASSIFIED
Unclassified//FOUO
9
Shift in Strategic Focus
FROM
TO
• Protect Information
• Ensure Operational Success
• Static Pre-Placed Defenses
• Dynamic Network and
Information Operations
• Proprietary Point Solutions
• Policy-Based Enterprise
• People Intensive
• Integrated Services
• Fragile Information
Technology
• Resilient Cyber Ecosystem
Unclassified//FOUO
Toward a Resilient Cyber Ecosystem
Secure Information Access
E
E
Resilient
D
D
C
C
B
B
A
A
Speed of Action
A
A
Reactive &
Manual
Security
administrators follow
rules and do their
best to “put out fires”
B
B
C
C
Tools-Based
Interoperable
Tools and
technologies are
applied piecemeal
to assist people in
reacting faster
Loosely integrated
tools exchange data to
assist people with
cyber situational
awareness
D
D
E
E
Policy-Based
Resilient
The enterprise
instantiates
security policy,
illuminates events and
helps the operators
find, fix, and target for
response
Enterprise optimizes
service to user by to
dynamically isolating
and containing effects –
including in supply
chain and underlying
infrastructure
11
Unclassified//FOUO
Trends, Challenges, and Opportunities
• Strengthen Network Underpinnings
• Assure Software & Systems
• Managing Attack Surfaces
• Reducing Anonymity
• Improving Cyber Awareness
• Automating Security Content
• Mission Based Architectures
Unclassified//FOUO
It’s not just about technology . . .
National Centers of Academic Excellence
in Information Assurance Education
106 Colleges & Universities
in 38 States & DC
The US Cyber Challenge – discover, train and
recruit the best talent in the country
Unclassified//FOUO
UNCLASSIFIED
Culture Change for Cyberspace . . .
UNCLASSIFIED
Unclassified//FOUO
14