More than 100 foreign intelligence agencies have attempted to penetrate U.S. government defense networks, and there is growing concern over the cyberthreat posed by terrorist organizations, a Pentagon official said Tuesday at the 2011 RSA Conference in San Franscisco.
Despite the attempted intrusions, foreign agencies are not likely to initiate a catastrophic cyberattack because U.S. military power provides a strong deterrent, said Deputy Defense Secretary William Lynn. More concerning, however, is the risk posed by terrorist organizations such as al-Qaeda, which has vowed to launch cyberattacks but has not yet done so.
“Terrorist organizations or rogue states could obtain and use destructive cyber capabilities,” Lynn said. “We need to develop stronger defenses before this occurs.”
Also of pressing concern is the accidental spread of malware, which could inadvertently have a disastrous effect on the global economy, he added.
“Certain types of malware can propagate worldwide in minutes,” Lynn said. “The accidental spread of toxic malware may not cause as much damage as a premeditated attack, but it could nevertheless be a potential source of disruption for critical networks.”
To counter the growing threat, the Department of Defense (DoD) unveiled two new programs that will allow for the exchange of cybersecurity personnel between government and industry and increase the number of National Guard or Army Reserve units that are dedicated to cyber, Lynn said.
“We want senior IT managers in the department to incorporate more commercial practices,” Lynn said. “And we want seasoned industry professionals to experience first-hand the unique challenges we face at DoD.”
To help improve cybersecurity, the Defense Department also plans to add half a billion dollars in new research funds, earmarked for areas such as cloud computing, virtualization and encryption.
In addition, the DoD is looking for ways to extend military defenses to private networks that operate critical infrastructure, Lynn said.
Owners and operators of critical infrastructure, most of which are members of the private sector, could benefit from the department's classified cyberthreat information. DoD currently has the ability to apply its defenses to civilian networks yet is challenged from a legal and policy perspective.
“How to share classified signatures and the technology to employ them across the full range of industrial sectors that support the military and underpin the economy is a pressing policy question,” Lynn said.