After a damning report from the Pentagon's chief weapons tester about cyber threats earlier this year, the US Defense Department is stepping up efforts to protect its networks with a new system to help spot flaws.
The aim of the system is to identify vulnerabilities in the military's networks, weapons systems and installations so that officials can set priorities for fixing them, US Cyber Command deputy commander Air Force lieutenant general Kevin McLaughlin told Reuters.
Pentagon officials should reach agreement on a framework within months, with a goal of turning the system into an automated scorecard in coming years, he said.Initial work will be manual but the eventual goal is the creation of a completely automated system that will instantaneously detect and respond to cyber attacks.
The original idea for the system was for it to identify weaknesses in weapons and networks but the Pentagon now wants to adopt a broader and more detailed remit that would also explore how data moves between branches of the military.
In January, Pentagon director of operational test and evaluation Michael Gilmore launched a highly critical report that revealed "significant vulnerabilities" to cyber attack in almost every American weapons project tested.
Lieutenant general Kevin McLaughlin told this week's annual Billington Cybersecurity Summit that Cyber Command had already created about half of 133 planned cyber response teams, comprising about 6,200 staff. All the teams should be operational by the end of 2016.
The new system's focus will initially be on areas of potentially greatest vulnerability, such as weapons systems that date back some 30 years, before the cyber threat was fully understood, as well as more recent technology that is nevertheless insecure.
"There's probably not enough money in the world to fix all those things but the question is what's most important, where should we put our resources as we eat the elephant one bite at a time," he told the Washington, DC, summit.
Representatives from the American army, navy and air force also described to the conference their own security efforts and the increased levels of collaboration between the services against cyber attacks.
McLaughlin said senior officers are today far more aware of computer threats and are also more accountable, with the results of spot checks and inspections now being sent to Cyber Command commander Admiral Mike Rogers.
More on security
- Active Wordpress malware campaign compromises thousands of websites
- Red Hat's Ceph and Inktank code repositories were cracked
- Encryption puts terrorists beyond the reach of law, says MI5 chief
- Microsoft extends Azure Active Directory authentication with two new services
- Apple AirDrop flaw leaves users vulnerable to exploit
- SYNful Knock: Cisco router malware in the wild