March 23, 2012
US Military Has Already Succumbed To Cyber Threats
Security experts told the Senate Armed Services Subcommittee this week that foreign spies have penetrated computer networks of the U.S. military.
Experts from the U.S. National Security Agency and government labs said the penetration was likely so complete that attempts to curb it should stop.
They said America has to change the way it thought about protecting Department of Defense (DOD) computer networks.
"We've got the wrong mental model here," Dr James Peery, head of the Information Systems Analysis Center at the Sandia National Laboratories, told the subcommittee. "I think we have to go to a model where we assume that the adversary is in our networks."
He said cyberdefense heads need to spend less time with firewalls and gateways, and more time ensuring data was safe.
Dr Kaigham Gabriel, current head of the Defense Advanced Research Projects Agency (DARPA), said current cybersecurity methods is like treading water in the middle of the ocean.
He said all current methods do is slightly delay the day when they would cave in under the weight of maintaining its network defense.
"It's not that we're doing wrong things, it's just the nature of playing defense in cyber," Dr Gabriel told the subcommittee.
Dr Michael Wertheimer, director of research and development at the NSA, said low pay, delays over promotion and wage freezes made it hard for the U.S. government to keep talented computer security staff.
The Department of Defense said it will be delivering a set of cyberspace-specific rules of engagement in the coming months.
"We are working closely with the joint staff on the implementation of a transitional command and control model for cyberspace operations," Madelyn Creedon, assistant secretary of defense for Global Strategic Affairs, told the subcommittee.
This move comes after last year's move by the Pentagon to declare that cyber attacks were a potential act of war.
"If you shut down our power grid, maybe we will put a missile down one of your smokestacks," a military official said at the time of the declaration.
The DOD is also planning to share classified information on possible threats with Internet service providers and defense contractors in order to help defend itself from cybercriminals.