Cybersecurity: as military becomes more reliant on networks, vulnerabilities grow.

As the Defense Department pursues programs dependent on global computer networks, government officials warn that the current methods of ensuring information security are not commensurate with the threats against them. If these problems are not addressed, the Pentagon could spend $200 billion during the next 10 years on a network with serious vulnerabilities, according to security experts.

Part of the catchphrase "net-centricity" refers to the ability to link small units with current information, and in return quickly derive data from every soldier, vehicle and sensor in the field. This type of system would change how military operations
[...] of supplies would be sped up and automated.

The ambitious Global Information Grid, meant to connect all of the Defense Department's information systems to each other and to civilian entities, depends on secure connections. "The GIG enterprise offers significant advantages and efficiencies to war fighters ... But all of this requires the users to have trust in the information," said J. Michael Johnson [...]
Threats to the network range from nation-state sponsored hackers, organized crime groups, terrorist operations, traitors pulling inside jobs and unintended mistakes by users. Nightmare scenarios include the enemy's ability to change coordinates of missiles while in flight, tamper with automated logistics by routing useless items to the front or expose the military's plans for an impending operation. "Even weather information could be a tip off," Johnson warned.

That makes security a key issue. The term "information assurance" is used to encompass both the availability and safety of the data flowing between users. Current strategic planning, including the Quadrennial Defense Review,
is taking a more serious look at building stronger safeguards into military systems and equipment. "I don't think you can find information assurance in a previous QDR," Johnson said. "This time it's a significant topic."

But officials at a defense technology conference hosted by Infonex Defense described a military that, from Pentagon brass to contractors, is having a hard time grasping ways to counter threats to information security. In the future, every piece of equipment and every person will need the equivalent of an identifying IP (internet protocol) address. But in many cases, the idea of tagging all data, users and hardware to a common standard is met with service isolationism.

"The technology is there, the policy is there, but the people aren't there yet," said Navy Capt. Jeffrey Burtch, director of the information assurance program at the office of the secretary of defense. "People are still in a rice bowl.
'That's my network. You can't touch it.'"

Burtch described his effort to bring greater information security to the Pentagon as an uphill struggle, but one in which he painfully is gaining ground. The future may witness significant funding, he revealed, citing a figure hovering at about $500 million for a dedicated, department-wide effort. "That number changes every time I get back to my email," Burtch said. "I spend much of my time fighting budget wars."

The 2006 budget slated $30.1 billion for Pentagon IT programs. Many of these are GIG-related, such as the Global Information Grid-Bandwidth Expansion program ($877 million), Transformational Satellite Communication ($836 million) and Net-Centric Enterprise Services ($79 million). Estimates of the GIG's total cost over the coming decade tip the scales at $200 billion.

Education and awareness are important, he said, but money is critical to improving information assurance. Even though the commercial financial services markets have a lower, but still robust, number of threats against their information technology, they spend an average of 14 to 25 percent of their IT budgets on security.
By comparison, the Department of Defense spends only 7 percent of its IT budget on security, even though it must contend with intrusions from foreign powers, terrorist networks and spies, as well as the same slew of crooks and hackers who target banks.

Asked if the military is leveraging commercial technologies used to protect civilian nets, Johnson responded, "We are dependent on it." He added that Pentagon teams evaluate where government funds could best be spent to tackle problems unique to defense and intelligence information security.

The level of awareness in the military to the risk of cyber attacks is growing courtesy of tough education during war games, when "red teams" simulating adversaries wreak havoc by compromising networks. It isn't necessary to take down an entire system to damage military operations, the experts at the conference agreed. Once the system is shown to be hacked, no information on it can reliably be trusted. In a net-centric operation, that could mean total calamity.

Burtch said that prior to his assignment protecting systems, he worked with the Navy to attack enemy networks. As an example of this tactic's usefulness, he cited the targeting of communications of the Iraqis during Operation Desert Storm. By disrupting the Iraqis' secure networks, the United States
was able to push communications into less secure channels and clog their limited bandwidth, providing keen advantages to U.S. troops, he said. But the possibility that such techniques could be used against the United States is one not eagerly faced by program managers, contractors and mid-level military officials.

For example, the Army must overcome cultural dilemmas in securing its systems, and officials often treat information assurance requirements as mere paperwork that has to be filled out to achieve certification, said Ted Hendy, director of information assurance and security engineering at U.S. Information Systems Engineering Command. "We need to put security back in information assurance," he said. "It's not there."

Many Army program officials do not think to build information assurance into an Army system from the start, he said. This is the unintended consequence of the structure adopted by the Pentagon to certify military information technology, Hendy said. By aligning the Defense Department's Information Technology Security Certification and Accreditation Process with another authorization agreement, "information security got pushed way to the back," he said. This occurred because security became lumped into the same paperwork as overall accreditation--just another bureaucratic hoop for contractors and program managers to jump through on the way to developing and fielding a piece of equipment.
Lost in the process was the role of security specialists who could help engineers design software, hardware, equipment and training procedures that would tighten security from a product's inception, he said. Also forgotten, he added, was planning for updating and sustaining security on the product through its lifespan. This is increasingly important in a networked environment, in which "a risk taken by one is shared by all," Hendy said. "We need to know not just what risks are to your system, but what risks your system imposes on the rest of the GIG."

Other consequences of lax security include a lack of forensic tools to assist the 1st Information Operations Command in tracing back the source of an attack, he said. Hendy highlighted more problem areas, including a lack of centralized Pentagon tracking of the risks to networked systems, an overall dearth of recovery plans, little enforcement of information assurance provisions in private sector contracts and a dependence on commercial technology that does not meet military standards.

To those worries, Burtch added a reliance on foreign workers. "Ninety percent of the code running on our machines is written offshore, mostly in friendly countries, for now," he said. "Who knows in five years?"

The U.S. military is faced with state-of-the-art equipment rendered useless on the battlefield by a hacker halfway around the world, making the financial investments necessary, Burtch said. This is a message he said he delivered to officials at the Pentagon: "I'd like you to have one less tank to have this done the right way."