DOD: Systems need more protection

The Defense Department must do more to guard against cyber threats, said Robert Lentz, the department's director of information assurance.

"As our dependence on information networks increases, it creates new vulnerabilities, as adversaries develop new ways of attacking and disrupting U.S. forces," he said. "Everyone must be made aware of his or her role in assuring the nation's information."

Lentz, speaking late last week to a House Subcommittee on terrorism, unconventional threats and capabilities, said that in recent years the department has become more reliant on off-the-shelf products proven in the commercial world. But some experts said that off-the-shelf code can require frequent security patches because holes repeatedly emerge in commercial code. And off-the-shelf software mainly comes from people with no security clearance or workers in other countries.

Foreign labor "has been wonderful for the economy," said Eugene Spafford, a Purdue University professor and director of the school's Center for Education and Research and Information Assurance and Security. "But it has introduced tremendous vulnerability to our software."

Much of the commercial software used by defense agencies was never meant for use in a military environment, or subjected to the ferocity of attacks often seen by defense networks. Last year alone the department defended itself against 50,000 attack attempts to gain access to the network, Lentz said.

Robert Dacey, director of the General Accounting Office's technology team, credited DOD with being one of the most advanced agencies for information assurance. However, a GAO report released last week said the department lacks policies needed to tightly guard data and ways to enforce the policies it does have. Although the department has an Information Assurance Program, officials don't have a way to measure compliance with the government's security policies, according to the report.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.