PEN­TAGON CY­BER­SE­CU­RITY LACK­ING

The Washington Times Daily - - Nation -

A de­fense of­fi­cial told Congress this week that Pen­tagon se­cu­rity ef­forts against hack­ers and other threats re­main weak.

Kaigham J. Gabriel, act­ing di­rec­tor of the De­fense Ad­vanced Re­search Projects Agency, told a Se­nate hear­ing Tues­day that the Pen­tagon is “ca­pa­bil­ity-limited in cy­ber, both de­fen­sively and of­fen­sively.” “We need to change that,” Mr. Gabriel said. He noted that most de­tails of cy­ber­se­cu­rity threats and ef­forts to counter them can only be dis­closed at the “spe­cial-ac­cess level,” the most se­cret se­cu­rity clas­si­fi­ca­tion.

How­ever, in both public and pre­pared state­ments to the Se­nate Armed Ser­vices sub­com­mit­tee on emerg­ing threats, Mr. Gabriel is­sued un­usu­ally blunt crit­i­cism of Pen­tagon cy­ber­war­fare pro­grams, both of­fen­sive and de­fen­sive.

As for cy­berde­fenses, Mr. Gabriel re­vealed that “at­tack­ers can pen­e­trate our net­works.”

“In just three days and at a cost of only $18,000, the Host-based Se­cu­rity Sys­tem was pen­e­trated,” he said.

Also, pass­word se­cu­rity re­mains a “weak link.” For ex­am­ple, in se­cu­rity tests, 53,000 pass­words were given to sim­u­lated hack­ers and, within 48 hours, 38,000 pass­words were cracked. Also, the de­fense sup­ply chain is “at risk,” Mr. Gabriel said. “More than two-thirds of elec­tron­ics in U.S. ad­vanced fighter air­craft are fab­ri­cated in off-shore foundries,” he said.

Ad­di­tion­ally, phys­i­cal sys­tems can be pen­e­trated eas­ily by hack­ers. In one case, a smart­phone hun­dreds of miles away took con­trol of a car’s drive sys­tem through a se­cu­rity hole in its wire­less in­ter­face.

“The United States con­tin­ues to spend on cy­ber­se­cu­rity with limited in­crease in se­cu­rity,” Mr. Gabriel said. “The fed­eral gov­ern­ment ex­pended bil­lions of dol­lars in 2010, but the num­ber of ma­li­cious cy­ber­in­tru­sions has in­creased.”

Mr. Gabriel said the Pen­tagon has used a lay­ered ap­proach to pro­tect­ing net­works from at­tack that is not well-suited to deal­ing with evolv­ing cy­berthreats.

“Ma­li­cious cy­ber­at­tacks are not merely an ex­is­ten­tial threat to [De­fense Depart­ment] bits and bytes. They are a real threat to phys­i­cal sys­tems, in­clud­ing mil­i­tary sys­tems, and to U.S. warfight­ers,” he said. “The United States will not pre­vail against these threats sim­ply by scal­ing our cur­rent ap­proaches.”

Re­gard­ing of­fen­sive cy­ber­war­fare op­er­a­tions, Mr. Gabriel said the Pen­tagon “must have the ca­pa­bil­ity to con­duct of­fen­sive op­er­a­tions in cy­berspace to de­fend our na­tion, al­lies and in­ter­ests.”

The Pen­tagon needs a full range of cy­ber­tools for of­fen­sive at­tacks to se­cure na­tional in­ter­ests.

“Mod­ern op­er­a­tions will de­mand the ef­fec­tive use of cy­ber, ki­netic, and com­bined cy­ber and ki­netic means,” Mr. Gabriel said. He said the shelf life for such weapons may be “days” as de­fenses are de­vised or of­fen­sive at­tacks thwarted.

Cy­ber­war­fare tools also can be adapted from in­tel­li­gence-gath­er­ing meth­ods, he said.

“Rather, [cy­ber­war­fare] op­tions are needed that can be ex­e­cuted at the speed, scale and pace of our mil­i­tary ki­netic op­tions with com­pa­ra­ble pre­dicted out­comes,” he said.

In crit­i­cism of cur­rent U.S. gov­ern­ment squab­bling over con­trols and struc­ture, Mr. Gabriel said a bet­ter ques­tion to be asked once lines of au­thor­ity are clar­i­fied is: “What now?”

“The lack of ca­pa­bil­ity is the over­whelm­ing is­sue,” he said. “Fur­ther over­sight strate­gies must be up­dated and be at pace with the threat.”

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.