Op-ed: Hagel's Gospel on Defending Networks

Defense Department

Featured eBooks
Digital Transformation
Read Now

Federal IT Modernization Still a Major Challenge

Read Now

DHS’ next chapter as an enterprise services provider

Read Now

What's happening in health tech

Read Now
John Grady By John Grady

By John Grady

|

The Pentagon is pouring money into cybersecurity, but how that will work is another thing entirely.

When Defense Secretary Chuck Hagel’s plane landed at Joint Base Pearl Harbor-Hickam in Honolulu in late May on his way to meet with leaders of the U.S. Pacific Command he met with troops and warned of one of the United States’ greatest enemies: hackers. He preached about the need for a “rules of the road” gospel covering all cyber activities -- especially when it comes to threats from China. 

“Cyber threats are real,” he said. “They’re terribly dangerous.”

May was a sobering month in terms of cybersecurity.

After The Washington Post reported Chinese hacking attacks on an extraordinary range of weapons systems, Defense Department officials took the equally extraordinary step of saying the Pentagon has full confidence that U.S. weapons programs are “secure and reliable.” But, the article noted, a 2012 Senate Armed Services Committee investigation that found as many as 1 million individual counterfeit parts are embedded in military aircraft.

The Post article also cited chilling revelations from an analysis by the Defense Science Board, a group of civilian advisers to the Pentagon. The board concluded the Defense Department has hardened its networks and large prime contractors are moving in that direction under Pentagon guidance, but subcontractors in the supply chain have not taken the necessary steps to detect and protect. These smaller suppliers have found defensive measures are “increasingly expensive and decreasingly effective,” the report said.

Even if subcontractors shore up network security, what are other nations and their defense contractors doing to protect their data?

Earlier in May, the Defense Department sent a report to Congress saying the Chinese government appeared to be using cyber espionage to modernize its military.

If that were not enough, the Commission on the Theft of American Intellectual Property cited China as the world’s largest source of proprietary data theft in a report by retired Adm. Dennis C. Blair, former director of national intelligence, and Jon M. Huntsman Jr., former ambassador to China, the panel's co-chairmen.  

“Nearly every U.S. business sector -- advanced materials, electronics, pharmaceuticals and biotech, chemicals, aerospace, heavy equipment, autos, home products, software and defense systems -- has experienced massive theft and illicit reproduction,” Blair and Huntsman said in an op-ed the day before the report was released. “So far, our national response to this crisis has been weak and disjointed.”

The U.S. government is certainly throwing taxpayer dollars into cyber initiatives.

The Pentagon is seeking $4.7 billion in its fiscal 2014 budget request to “defend networks, degrade adversary cyber capabilities and support defense of national infrastructure.” Defense officials have pledged to work more closely with civil authorities and internally with the National Security Agency and Cyber Command, which is pushing to elevate its status to that of a combatant command.

The $800 million increase in cyber budgeting will go largely to train and develop 40 mission teams, 25 direct support teams and 68 protection teams to assist the Homeland Security Department in securing federal and critical commercial systems by 2016, according to budget documents.

How it is all going to work is another thing.

“You can’t defend everything,” even inside the Pentagon, Franklin Kendall, a former undersecretary of Defense, told attendees at a recent Joint Warfighting Symposium in Virginia Beach, Va., who said the emphasis has been on building offensive cyber capabilities, which has implications in the private sector as well. 

Collateral damage is the biggest challenge, Vice Adm. Robert Parker, the Coast Guard’s Atlantic Area commander, said at the symposium. “You just don’t know what happens downstream when the military goes on the offensive,” he said.

More intriguingly, Parker raised the issue of whether the armed services should “have a role in escorting data” in a 21st century version of the World War II convoys carrying materiel and troops to Europe. He said that is a possible niche that Homeland Security, which includes the Coast Guard, and Cyber Command could develop.

A far more perplexing debate is surfacing in the private sector, according to Kendall. “Should a company have the right to self-defense?” he asked, raising the question of how far organizations should go to defend themselves. This is the murkiest quandary hiding in a swamp of risks.

The intellectual property commission warned against retaliation against hackers in the private sector, even if companies are attempting to take back what is rightfully theirs.  “An action against a hacker designed to recover a stolen information file or to degrade or damage the computer system of a hacker might degrade or damage the computer or network of an innocent third party,” Blair and Huntsman said in their report.

During his stop in Hawaii, Hagel said: “Another very important component to this is our allies and our partners, because we live in a world -- and you all know this -- where one country's just not big enough, strong enough, good enough, wealthy enough to handle it all. We can't do it, especially cyber. And cyber is one of those quiet, deadly, insidious unknowns you can't see, it's in the ether. It's not one big navy sailing into a port or one big army crossing a border or squadrons of fighter planes crossing a border. This is a very difficult, but real and dangerous threat. And there's no higher priority for our country than this issue.”

On his way to the NATO ministerial meeting in Brussels and in Singapore, where he met with Chinese military officials, the Defense chief pledged to make cyber his highest priority. President Obama also raised cyber espionage issues with Chinese President Xi Jinping during their recent talks in California.

Engaging the Chinese is a start. Working with allies, hardening networks and passing laws qualifying who can do what and when in cyberspace also are essential. Such initiatives will lead to those critical rules of the road, but getting there will not be easy.

John Grady, retired director of communications for the Association of the United States Army, writes about defense and national security.

NEXT STORY: Your essential catch-up on the week's news

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.