DOD, Industry Address ‘Intense Challenge’ of Cyber Security

By Gerry J. Gilmore American Forces Press Service ARLINGTON, Va., Nov. 7, 2011 – Senior Defense Department officials and members of the information technology industry met here today to discuss how to better protect military and commercial cyberspace. The potential capability for cyber mayhem makes cyber security “one of the most intense challenges of our time,” Regina E. Dugan, director of the Defense Advanced Research Projects Agency, told hundreds of audience members who gathered at a hotel here for DARPA’s one-day “Cyber Colloquium.” The Internet has fueled advancements and opportunities in business, medicine and other spheres, said Army Gen. Keith B. Alexander, commander of U.S. Cyber Command and director of the National Security Agency on Fort Meade, Md.. However, he added, protecting networks from information theft or attack by hackers is a big job. “When you look at the vulnerabilities that we face in this area, it’s extraordinary,” Alexander said. Government and commercial networks worldwide have experienced repeated assault by hackers over the past several years, he noted. “What we see is a disturbing trend, from exploitation to disruption to destruction,” Alexander said. DOD views cyberspace as a domain such as air, land, sea and space, the general said. New and better ways must be developed in partnership with private industry to defend the nation’s military and commercial information networks, he said. First, the Defense Department is looking at creating special “hunter teams” to actively look for computer viruses and malware, Alexander said. Such teams, he added, would be part of “a dynamic” perimeter-defense network. DOD also can do more, he  said, to partner with private industry, as well as allies, to protect the cyber realm. Another change that would upgrade the military’s cyber defense and save money, Alexander  said, is adapting cloud computing platforms. In cloud computing, applications are accessed from Internet web browsers rather than being installed on each individual computer server. Remote servers are used to store organizational data and information. “It’s easier to secure the cloud … [and] it’s cheaper,” he said, noting a test program demonstrates potential DOD information technology savings of 30 percent by using the cloud network system. The Internet’s birth 40 years ago created both great opportunities and risks for society, said Dugan, noting that DARPA was heavily involved in its creation. Today, people around the globe rely on the Internet for communication, information, commerce and entertainment purposes, she said. However, cyber criminals steal information worth millions of dollars from businesses worldwide each year, Dugan said. In fact, she added, 2004 marked the first time that proceeds from cyber crime exceeded profits made from the sale of illegal drugs. “Malicious cyber attacks are not merely an existential threat to our bits and bytes,” Dugan said. “They are a real threat to an increasingly large number of systems that we interact with daily, from the power grid to our financial systems to our automobiles and our military systems.” Former Deputy Defense Secretary  William J. Lynn III said on Sept. 28 that cyber attacks would become a significant component of future conflicts and that more than 30 nations are creating cyber units in their militaries, Dugan said. Lynn added that it would be unrealistic to think that these nations would confine their cyber capabilities to only defensive purposes, she said. Today, a connected, motivated group operating through the Internet can accomplish tasks in a frightfully short period of time, Dugan said. Accordingly, Dugan said, in the fiscal year 2012 budget submission, DARPA increased its cyber threat research budget by $88 million. “And over the next five years our proposed investment in cyber research will grow steadily, from 8 to 12 percent of our top line,” she added. In coming years, she said, DARPA will focus an increasing portion of its cyber research on the investigation of offensive [cyber] capabilities to address military-specific needs.