DOD: Systems need more protection

The Defense Department must do more to guard against cyber threats, said Robert Lentz, the department's director of information assurance.

"As our dependence on information networks increases, it creates new vulnerabilities, as adversaries develop new ways of attacking and disrupting U.S. forces," he said. "Everyone must be made aware of his or her role in assuring the nation's information."

Lentz, speaking late last week to a House Subcommittee on terrorism, unconventional threats and capabilities, said that in recent years the department has become more reliant on off-the-shelf products proven in the commercial world. But some experts said that off-the-shelf code can require frequent security patches because holes repeatedly emerge in commercial code. And off-the-shelf software mainly comes from people with no security clearance or workers in other countries.

Foreign labor "has been wonderful for the economy," said Eugene Spafford, a Purdue University professor and director of the school's Center for Education and Research and Information Assurance and Security. "But it has introduced tremendous vulnerability to our software."

Much of the commercial software used by defense agencies was never meant for use in a military environment, or subjected to the ferocity of attacks often seen by defense networks. Last year alone the department defended itself against 50,000 attack attempts to gain access to the network, Lentz said.

Robert Dacey, director of the General Accounting Office's technology team, credited DOD with being one of the most advanced agencies for information assurance. However, a GAO report released last week said the department lacks policies needed to tightly guard data and ways to enforce the policies it does have. Although the department has an Information Assurance Program, officials don't have a way to measure compliance with the government's security policies, according to the report.

Featured

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.