Report: Flimsy cybersecurity for US military is 'magnet to US opponents'
| Washington
The US military 鈥渃annot be confident鈥 that its computer networks will continue to work in the event of a cyberattack from a reasonably competent enemy.
What鈥檚 more, the US military鈥檚 鈥渄ependence鈥 on flimsy security systems 鈥渋s a magnet to US opponents,鈥 who are increasingly capable of attacking 鈥渨ith potential consequences similar in some ways to the nuclear threat of the Cold War.鈥
That鈥檚 the warning out of a new 18-month study from the Pentagon鈥檚 Defense Science Board, which formed a task force to review the vulnerability of US military networks.
The task force found that during war-game exercises, 鈥渞ed team鈥 adversaries were able to hack into US military networks with 鈥渞elative ease.鈥
Such adversaries could 鈥渃ompletely [beat] our forces in exercises鈥 using hacking programs widely available on the Internet, according to the study. This happened in large part, the study concluded, because the Defense Department鈥檚 networks 鈥渁re built on inherently insecure architectures that are composed of, and increasingly using, foreign parts.鈥
As a result, the DOD and the contractors it employs 鈥渉ave already sustained staggering losses鈥 鈥 in the form of 鈥渄ecades of combat knowledge and experience that provide adversaries insight鈥 into US military operations.
So what to do about the threat, which Pentagon officials liken to the countering of German U-boats during World War II and nuclear deterrence during the cold war?
It is going to take a combination of refocused intelligence work and improved cyberdefense, according to the report.
Getting better at cyberdefense will involve giving up on the thought of protecting all military networks from advanced hackers, 鈥渨hich the task force believes is neither feasible nor affordable.鈥
Part of building a better defense system is also recognizing that the enemy 鈥渋s on our networks鈥 already. Senior defense officials point to a 2008 incident that has become notorious within the halls of the Pentagon, in which an infected flash drive allowed adversaries to export vast quantities of classified defense data, including times and routes of supply convoys in Afghanistan.
Moreover, improving cyberoperations involves recognizing that the nature of the threat is changing and evolving. In the late 1970s, the IBM Selectric typewriters at the US Embassy in Moscow were rigged by the Soviets to transmit every keystroke back to the KGB.
Today, cyberattacks are quickly progressing from exploitation and disruption to destruction. 鈥淪hould the United States find itself in a full-scale conflict,鈥 cyberattacks could deny the US military its greatest assets. 鈥淯S guns, missiles, and bombs may not fire, or may be directed against our own troops,鈥 according to the report.
Enemies could also infiltrate networks to play havoc with what is widely considered one of the US military鈥檚 greatest strengths: logistics. 鈥淩esupply, including food, water, ammunition, and fuel may not arrive when or where needed. Military commanders may rapidly lose trust in the information and ability to control US systems and forces,鈥 the report warns. 鈥淥nce lost, that trust is very difficult to regain.鈥
In the face of these cybervulnerabilities, the Pentagon must hone its offensive cybercapabilities as well, the report advises. 鈥淐yber offense may provide the means to respond in kind,鈥 it says.
The task force also advises keeping some crucial forces offline, to respond in the event of a catastrophic cyberattack, 脿 la 鈥淏attlestar Galactica.鈥
鈥淣otionally, 20 aircraft designated by tail number, out of a fleet of hundreds, might be segregated and treated as part of the cyber critical survivable mission force.鈥
This will help, the report concluded, 鈥渆nsure the President has options beyond a nuclear-only response to a catastrophic cyber attack.鈥
