Pentagon designing cyber 'scorecard' to stay ahead of hackers
The US Defense Department is building a massive, electronic system to provide an overview of the vulnerabilities of the military's computer networks, weapons systems, and installations, and help officials prioritize how to fix them, the deputy commander of US Cyber Command said yesterday.
Air Force Lieutenant General Kevin McLaughlin told Reuters officials should reach agreement on a framework within months, with a goal of turning the system into an automated "scorecard" in coming years.
The effort, being led by the Pentagon's chief information officer, grew out of a critical report about cyber threats released earlier this year by the Pentagon's chief weapons tester, and escalating cyber attacks by China and Russia.
The report by Michael Gilmore, the Pentagon's director of testing and evaluation, warned that nearly every major US weapons system was vulnerable to cyber attacks.
Initial data entry would be done by hand, but the goal was to create a fully automated system that would help defense officials instantaneously detect and respond to cyber attacks, Mr McLaughlin said after a speech at the annual Billington Cybersecurity Summit.
Mr McLaughlin told the conference that Cyber Command had already set up about half of 133 planned cyber response teams with about 6,200 people, and all of them would achieve an initial operational capability by the end of 2016.
He said the initial focus of the new scorecard would be on the greatest threats, including weapons systems fielded 30 years ago before the cyber threat was fully understand, as well as newer systems that were not secure enough.
"There’s probably not enough money in the world to fix all those things, but the question is what’s most important, where should we put our resources as we eat the elephant one bite at a time," he said.
Mr McLaughlin said the scorecard was initially intended to look at weapons and networks, but the Pentagon was now looking at a broader and more sophisticated approach that also accounted for how data was moved among agencies within the military.
US Army, Navy and Air Force officials, who also spoke at the event, mapped out their own cybersecurity efforts, citing new levels of communication and collaboration among the services around these issues.
Mr McLaughlin said US military commanders were far more attuned to cyber threats than in earlier years. He said Cyber Command spot checks and inspections were now being flagged to the command's top leader, Admiral Mike Rogers, which had spurred greater accountability than in earlier years.