In releasing the strategy, William J. Lynn III, the deputy defense secretary, disclosed that over the years “crucial” files stolen from defense industry data networks have included plans for missile tracking systems, satellite navigation devices, unmanned surveillancedrones and top-of-the-line jet fighters.
Some of the stolen data was mundane, and included plans for small parts of tanks, airplanes and submarines, he said.
“But a great deal of it concerns our most sensitive systems, including aircraft avionics, surveillance technologies, satellite communications systems and network security protocols,” Mr. Lynn disclosed.
Pentagon and administration officials declined to identify the military contractor whose data system was compromised in the March attack. They also refused to name the nation they suspected was the culprit, saying that any accusation was a matter of official, if confidential, diplomatic dialogue.
However, when major intrusions against computers operated by the Pentagon or military contractors have occurred in the past, officials have regularly blamed China, and sometimes Russia. Even so, it remains unknown whether the attacks were officially sponsored by those governments or were the work of industrial competitors or criminal hackers operating from inside those nations.
“Current countermeasures have not stopped this outflow of sensitive information,” Mr. Lynn said during a speech at the National Defense University. “We need to do more to guard our digital storehouses of design innovation.”
The Pentagon’s new strategy, which is the final official piece of a larger effort launched by the Obama administration to defend computer networks operated by the government and the private sector, calls for actively looking for attackers on the Internet rather than waiting for an intruder to attack. “You have to hunt on your own networks,” Mr. Lynn said. He stressed the importance of cooperation with foreign partners to spot computer-network threats before they try to crack systems in the United States.
The military’s new Cyber Command was ordered to prepare for defensivee and offensive operations on computer networks. Officials confirmed that the command has computer programs to carry out offensive operations in cyberspace if it is so ordered by the president.
Though for now the strategy is centered on how the United States can defend itself against an attack, Gen. James Cartwright, the vice chairman of the Joint Chiefs of Staff, said the Pentagon had to focus on offense — including the possibility of responding to a cyber attack with military action.
“If it’s O.K. to attack me and I’m not going to do anything other than improve my defenses every time you attack me, it’s very difficult to come up with a deterrent strategy,” General Cartwright told reporters on Thursday.
He said that American military commanders were now devoting 90 percent of their attention to building better firewalls and only 10 percent to ways of keeping hackers from attacking in the first place. He said a better strategy for the Pentagon would be the reverse, focusing almost entirely on offense.
The Pentagon, he said, needs a strategy
.