On Thursday the Pentagon released its first-ever cyberspace defense plan. The need for a cyber-security plan has increasingly become apparent over the past year as several breaches of Department of Defense (DOD) computers and companies employed through government defense contracts have resulted in thousands of documents being copied and stolen.
Although some breaches are the result of hackers looking to crack some of the toughest firewalls as some sort of independent personal mission, the DOD has confirmed that cyberspace hacking is the new front of international espionage for governments around the world.
The DOD report stated that other countries “are working to exploit DOD unclassified and classified networks, and some foreign intelligence organizations have already acquired the capacity to disrupt elements of DOD’s information infrastructure. Moreover, non-state actors increasingly threaten to penetrate and disrupt DOD networks and systems.”
The Pentagon plans to focus on three areas specifically to combat cyber threats: The theft or exploitation of data, attempts to deny or disrupt access to U.S. military networks, and any attempts to “destroy or degrade networks or connected systems.”
William Lynn, the Deputy Secretary of Defense, confirmed in his speech Thursday at the National Defense University that the March cyber-attacks against a U.S. defense contractor were the intentional actions of a foreign government. The breach resulted in 24,000 files being stolen. The hackers were after files related to missile tracking systems, unmanned aerial vehicles, and the Joint Strike Fighter.
“It is a significant concern that over the past decade, terabytes of data have been extracted by foreign intruders from corporate networks of defense companies,” Lynn said.
Summing up the United States position with regards to cyber security, the Pentagon report stated plainly: “The department and the nation have vulnerabilities in cyberspace. Our reliance on cyberspace stands in stark contrast to the inadequacy of our cyber security.”
Complicating the protection of critical information is the fact that the majority of information technology products the United States uses are manufactured and assembled in foreign countries, meaning the risk to security reaches back to the production phase of the technologies and could include every step of the manufacturing and shipping process.
A telling sign that the country has entered into a new technology age, the DOD claimed cyberspace as a new “operational domain”, which puts cyber space under the same protection and vigilance as the military domains of air, space, land, and sea. This declaration opens the possibility for cyber warfare, a term that has never described any official action by the U.S. government, but could become a new tactical response to foreign threats and used in conjunction with other military actions in the Pentagon’s arsenal.
The day before the DOD presented its cyber security plan, senior Republican Senator John McCain (AZ) wrote a letter to Senate leaders asking them to create a bipartisan panel to draft cyber security legislation. McCain says one of the problems facing the critical legislation is the overlapping jurisdiction of numerous committees all working separately on the issue.
“The only way to move comprehensive cyber security legislation forward swiftly is to have committee chairmen and ranking members step away from preserving their own committees’ jurisdiction … (and) develop a bill that serves the national security needs of all Americans,” McCain wrote. His letter was sent to Senate President Harry Reid (D – Nev.) and Senate Minority Leader Mitch McConnell (R – KY).
The partially drafted bill, which has stalled in the chambers of Congress, would allow the president to declare a state of cyber security emergency. However, the president’s emergency powers are not yet defined. Both the Pentagon’s plan the working draft of the legislation would put the Department of Homeland Security in charge of overseeing the nation’s cyber security efforts.