recommended reading

Board urges full funding of cybersecurity initiative

The nation's information infrastructure remains vulnerable to cyberattack and the incoming Obama administration must take immediate steps to improve cybersecurity, the Defense Science Board warned in a report released on Tuesday.

Comment on this article in The Forum.The new administration should place the "highest priority" on the classified National Cybersecurity Initiative that the Bush administration launched in January, according to the report, "Defense Imperatives for New Administration."

The report, released on Election Day, outlined a small, yet complex set of issues that threaten "future military failure" if not addressed, including stopping the development and deployment of weapons of mass destruction and shortening the procurement cycle for Defense Department technology.

The science board focused on the cybersecurity initiative, estimated to cost as much as $30 billion in seven years, as important. The Obama administration should support the cyber initiative with full funding and "highly focused and frequent management attention to ensure that agreed goals are met with the highest sense of urgency," the report said.

The Defense Science Board recommended the new administration dramatically expand the scope of the cybersecurity initiative to include protection of the commercial information infrastructure used by key sectors such as finance, transportation, manufacturing and agriculture "upon which the entire country depends."

It also recommended the department move beyond its current perimeter defense strategy, which puts a digital fence around computers and information systems, because the defenses can be easily breached by unsophisticated hackers.

Defense also needs to protect itself against inside threats from government employees and federal contractors who hack into or steal data from information systems. Protecting systems against insider threats should be the key cyber defense project of the new administration, using what the report called "aggressive" auditing of users who are accessing computer networks.

The report recommended Defense develop new automated tools and algorithms to detect suspicious activity from employees and contractors, a task that will require a significant research-and-development effort, said Mark Orndorff, director of the Defense Information Systems Agency's Program Executive Office for Information Assurance and Network Operations in an interview with Nextgov last month. He said DISA stores terabytes of information in its data centers and the commercial sector has not created a tool that can sift through such a mountain of data to identify suspicious insider activity.

Defense also should include government-created hardware and software in every critical information system to thwart an adversary, the report suggested. Government hardware and software would increase the research and operating cost to critical systems, but also would discourage cyberattacks, the report said.

Computer hardware and software are developed and manufactured globally -- some of it by potential adversaries -- and the report recommended Defense acquire hardware and software in a way that veils end users.

In addition, the report suggested that Defense remove unneeded functionality from its applications and operating systems as every added feature offers an adversary a way to gain entry into a system. Defense also should minimize the time between its decision to purchase commercial hardware and software and its delivery and installation so a hacker has less opportunity to learn how to exploit vulnerabilities in the new equipment.

Finally, the report said, the new administration must prepare itself for a long-term fight with cyberwarfare adversaries. Protection against cyberattacks will require repeated cycles of computer system testing, vulnerability identification and application of new defensive measures, with much of the burden to research and develop the tactics falling on intelligence agencies because they are the primary targets of advanced cyber threats.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.