$100M for Reactive Cyber Defense

Reactive defense of computer networks can run up a big tab in a short time, according to top Defense Department network officials.

U.S. Strategic Command spent $100 million in six months in "after the fact" defense of Defense Department networks, Army Brig. Gen. John Davis, deputy commander of the Joint Task Force-Network Operations said at a press briefing from the command's annual Cyberspace Symposium in Omaha.

The Defense Information Systems Agency's budget to protect Defense networks has run about $500 million a year over the past several years. Davis said STRATCOM's tab for "reacting to things [discovered] on the network after the fact" over the past six months cost another $100 million.

STRATCOM commander Air Force Gen. Kevin Childs said these extra costs reflected the need to defend networks at a number of unidentified military bases against network intrusions, which included the cost of added manpower to fight the intrusions and network downtime.

Childs provided few details, but did say that Defense networks experience probes thousands of times a day from attackers which included teenage hackers, criminals and "sophisticated nation-states."

Childs said that one of the best ways Defense can protect its networks is to insure that all personnel follow simple policies, procedures and guidelines. That includes an absolute ban on the use of thumb drives and other removable media, he said. Childs added he did not see any change in that policy in the foreseeable future.