DOD: Systems need more protection

The Defense Department must do more to guard against cyber threats, said Robert Lentz, the department's director of information assurance.

"As our dependence on information networks increases, it creates new vulnerabilities, as adversaries develop new ways of attacking and disrupting U.S. forces," he said. "Everyone must be made aware of his or her role in assuring the nation's information."

Lentz, speaking late last week to a House Subcommittee on terrorism, unconventional threats and capabilities, said that in recent years the department has become more reliant on off-the-shelf products proven in the commercial world. But some experts said that off-the-shelf code can require frequent security patches because holes repeatedly emerge in commercial code. And off-the-shelf software mainly comes from people with no security clearance or workers in other countries.

Foreign labor "has been wonderful for the economy," said Eugene Spafford, a Purdue University professor and director of the school's Center for Education and Research and Information Assurance and Security. "But it has introduced tremendous vulnerability to our software."

Much of the commercial software used by defense agencies was never meant for use in a military environment, or subjected to the ferocity of attacks often seen by defense networks. Last year alone the department defended itself against 50,000 attack attempts to gain access to the network, Lentz said.

Robert Dacey, director of the General Accounting Office's technology team, credited DOD with being one of the most advanced agencies for information assurance. However, a GAO report released last week said the department lacks policies needed to tightly guard data and ways to enforce the policies it does have. Although the department has an Information Assurance Program, officials don't have a way to measure compliance with the government's security policies, according to the report.

Featured

  • Budget
    Stock photo ID: 134176955 By Richard Cavalleri

    House passes stopgap spending bill

    The current appropriations bills are set to expire on Oct. 1; the bill now goes to the Senate where it is expected to pass.

  • Defense
    concept image of radio communication (DARPA)

    What to look for in DOD's coming spectrum strategy

    Interoperability, integration and JADC2 are likely to figure into an updated electromagnetic spectrum strategy expected soon from the Department of Defense.

Stay Connected