DoD and the CyberThreat

Home Forums Technology DoD and the CyberThreat

This topic contains 0 replies, has 1 voice, and was last updated by  Henry Brown 4 years, 11 months ago.

  • Author
    Posts
  • #177467

    Henry Brown
    Participant

    A significant amount of FUD but interesting reading (all 138 pages of same)

    TASK FORCE REPORT:
    Resilient Military Systems and the Advanced Cyber Threat

    Executive Summary
    The United States cannot be confident that our critical Information Technology (IT) systems will work under attack from a sophisticated and well-resourced opponent utilizing cyber capabilities in combination with all of their military and intelligence capabilities (a "full spectrum" adversary). While this is also true for others (e.g. Allies, rivals, and public/private networks), this Task Force strongly believes the DoD needs to take the lead and build an effective response to measurably increase confidence in the IT systems we depend on (public and private) and at the same time decrease a would-be attacker's confidence in the effectiveness of their capabilities to compromise DoD systems. We have recommended an approach to do so, and we need to start now!

    While DoD takes great care to secure the use and operation of the “hardware” of its weapon systems, these security practices have not kept up with the cyber adversary tactics and capabilities. Further, the same level of resource and attention is not spent on the complex network of information technology (IT) systems that are used to support and operate those weapons or critical cyber capabilities embedded within them. This Task Force was asked to review and make recommendations to improve the resilience of DoD systems to cyber attacks and to develop a set of metrics that the Department could use to track progress and shape investment priorities.

    Over the past 18 months, the Task Force received more than 50 briefings from practitioners and senior officials throughout the DoD, Intelligence Community (IC), commercial practitioners, academia, national laboratories, and policymakers. As a result of its deliberations, the Task Force concludes that:

    Over the past 18 months, the Task Force received more than 50 briefings from practitioners and senior officials throughout the DoD, Intelligence Community (IC), commercial practitioners, academia, national laboratories, and policymakers. As a result of its deliberations, the Task Force concludes that:

    • The cyber threat is serious, with potential consequences similar in some ways to the nuclear threat of the Cold War
    • The cyber threat is also insidious, enabling adversaries to access vast new channels of intelligence about critical U.S. enablers (operational and technical; military and industrial) that can threaten our national and economic security
    • Current DoD actions, though numerous, are fragmented. Thus, DoD is not prepared to defend against this threat
    • DoD red teams, using cyber attack tools which can be downloaded from the Internet, are very successful at defeating our systems
    • U.S. networks are built on inherently insecure architectures with increasing use of foreign-built components
    • U.S. intelligence against peer threats targeting DoD systems is inadequate
    • With present capabilities and technology it is not possible to defend with confidence against the most sophisticated cyber attacks
    • It will take years for the Department to build an effective response to the cyber threat to include elements of deterrence, mission assurance and offensive cyber capabilities.

    ...

    download ~10 MB PDF file

You must be logged in to reply to this topic.