recommended reading

Board urges full funding of cybersecurity initiative

The nation's information infrastructure remains vulnerable to cyberattack and the incoming Obama administration must take immediate steps to improve cybersecurity, the Defense Science Board warned in a report released on Tuesday.

Comment on this article in The Forum.The new administration should place the "highest priority" on the classified National Cybersecurity Initiative that the Bush administration launched in January, according to the report, "Defense Imperatives for New Administration."

The report, released on Election Day, outlined a small, yet complex set of issues that threaten "future military failure" if not addressed, including stopping the development and deployment of weapons of mass destruction and shortening the procurement cycle for Defense Department technology.

The science board focused on the cybersecurity initiative, estimated to cost as much as $30 billion in seven years, as important. The Obama administration should support the cyber initiative with full funding and "highly focused and frequent management attention to ensure that agreed goals are met with the highest sense of urgency," the report said.

The Defense Science Board recommended the new administration dramatically expand the scope of the cybersecurity initiative to include protection of the commercial information infrastructure used by key sectors such as finance, transportation, manufacturing and agriculture "upon which the entire country depends."

It also recommended the department move beyond its current perimeter defense strategy, which puts a digital fence around computers and information systems, because the defenses can be easily breached by unsophisticated hackers.

Defense also needs to protect itself against inside threats from government employees and federal contractors who hack into or steal data from information systems. Protecting systems against insider threats should be the key cyber defense project of the new administration, using what the report called "aggressive" auditing of users who are accessing computer networks.

The report recommended Defense develop new automated tools and algorithms to detect suspicious activity from employees and contractors, a task that will require a significant research-and-development effort, said Mark Orndorff, director of the Defense Information Systems Agency's Program Executive Office for Information Assurance and Network Operations in an interview with Nextgov last month. He said DISA stores terabytes of information in its data centers and the commercial sector has not created a tool that can sift through such a mountain of data to identify suspicious insider activity.

Defense also should include government-created hardware and software in every critical information system to thwart an adversary, the report suggested. Government hardware and software would increase the research and operating cost to critical systems, but also would discourage cyberattacks, the report said.

Computer hardware and software are developed and manufactured globally -- some of it by potential adversaries -- and the report recommended Defense acquire hardware and software in a way that veils end users.

In addition, the report suggested that Defense remove unneeded functionality from its applications and operating systems as every added feature offers an adversary a way to gain entry into a system. Defense also should minimize the time between its decision to purchase commercial hardware and software and its delivery and installation so a hacker has less opportunity to learn how to exploit vulnerabilities in the new equipment.

Finally, the report said, the new administration must prepare itself for a long-term fight with cyberwarfare adversaries. Protection against cyberattacks will require repeated cycles of computer system testing, vulnerability identification and application of new defensive measures, with much of the burden to research and develop the tactics falling on intelligence agencies because they are the primary targets of advanced cyber threats.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.