​Pentagon working on anti-hacker system to crack down on its own security flaws

With a perceived rise in computer attacks by foreign powers, and a critical internal report, the US Department of Defense is building a system to help fix its own vulnerabilities to cyber threats.

The Pentagon: Eventual goal is a completely automated system to detect and respond to cyber attacks. Image: US Department of Defense

After a damning report from the Pentagon's chief weapons tester about cyber threats earlier this year, the US Defense Department is stepping up efforts to protect its networks with a new system to help spot flaws.

The aim of the system is to identify vulnerabilities in the military's networks, weapons systems and installations so that officials can set priorities for fixing them, US Cyber Command deputy commander Air Force lieutenant general Kevin McLaughlin told Reuters.

Pentagon officials should reach agreement on a framework within months, with a goal of turning the system into an automated scorecard in coming years, he said.Initial work will be manual but the eventual goal is the creation of a completely automated system that will instantaneously detect and respond to cyber attacks.

The original idea for the system was for it to identify weaknesses in weapons and networks but the Pentagon now wants to adopt a broader and more detailed remit that would also explore how data moves between branches of the military.

​Poacher turned gamekeeper? GCHQ issues advice on safer passwords

UK surveillance and intelligence agency GCHQ has come up with a list of best practice advice on the use of passwords.

Read More

In January, Pentagon director of operational test and evaluation Michael Gilmore launched a highly critical report that revealed "significant vulnerabilities" to cyber attack in almost every American weapons project tested.

Lieutenant general Kevin McLaughlin told this week's annual Billington Cybersecurity Summit that Cyber Command had already created about half of 133 planned cyber response teams, comprising about 6,200 staff. All the teams should be operational by the end of 2016.

The new system's focus will initially be on areas of potentially greatest vulnerability, such as weapons systems that date back some 30 years, before the cyber threat was fully understood, as well as more recent technology that is nevertheless insecure.

"There's probably not enough money in the world to fix all those things but the question is what's most important, where should we put our resources as we eat the elephant one bite at a time," he told the Washington, DC, summit.

Representatives from the American army, navy and air force also described to the conference their own security efforts and the increased levels of collaboration between the services against cyber attacks.

McLaughlin said senior officers are today far more aware of computer threats and are also more accountable, with the results of spot checks and inspections now being sent to Cyber Command commander Admiral Mike Rogers.

More on security