Mr. Lynn also stressed the importance of cooperation with foreign partners to spot computer network threats overseas, before they compromise systems here.

But James Lewis, an expert on computer network warfare at the Center for Strategic and International Studies, said the Pentagon’s computer networks were vulnerable to security gaps in the systems of allies with whom the military cooperates. America’s allies are “all over the map” on cybersecurity issues, Mr. Lewis said. “Some are very, very capable — and some are clueless.”

The military’s Cyber Command was created to coordinate defensive and offensive operations for Pentagon and military computer networks. Officials speak obliquely of its capabilities for carrying out offensive operations in cyberspace if ordered by the president. And for now, the new strategy is centered on how the United States can defend itself.

But Gen. James E. Cartwright, the vice chairman of the Joint Chiefs of Staff, said the Pentagon also had to focus on offense — including the possibility of responding to a cyberattack with military action.

“If it’s O.K. to attack me, and I’m not going to do anything other than improve my defenses every time you attack me, it’s very difficult to come up with a deterrent strategy,” General Cartwright told reporters on Thursday.

He said that in regard to cyberdefense, American military commanders were now devoting 90 percent of their attention to building better firewalls and only 10 percent to ways of deterring hackers from attacking. He said a better strategy would be the reverse, focusing almost entirely on offense.

The Pentagon, he said, needs a strategy “that says to the attacker, ‘If you do this, the price to you is going to go up, and it’s going to ever escalate.’ ” He added that right now “we’re on a path that is too predictable — it’s purely defensive. There is no penalty for attacking right now.”