DOD: Systems need more protection

The Defense Department must do more to guard against cyber threats, said Robert Lentz, the department's director of information assurance.

"As our dependence on information networks increases, it creates new vulnerabilities, as adversaries develop new ways of attacking and disrupting U.S. forces," he said. "Everyone must be made aware of his or her role in assuring the nation's information."

Lentz, speaking late last week to a House Subcommittee on terrorism, unconventional threats and capabilities, said that in recent years the department has become more reliant on off-the-shelf products proven in the commercial world. But some experts said that off-the-shelf code can require frequent security patches because holes repeatedly emerge in commercial code. And off-the-shelf software mainly comes from people with no security clearance or workers in other countries.

Foreign labor "has been wonderful for the economy," said Eugene Spafford, a Purdue University professor and director of the school's Center for Education and Research and Information Assurance and Security. "But it has introduced tremendous vulnerability to our software."

Much of the commercial software used by defense agencies was never meant for use in a military environment, or subjected to the ferocity of attacks often seen by defense networks. Last year alone the department defended itself against 50,000 attack attempts to gain access to the network, Lentz said.

Robert Dacey, director of the General Accounting Office's technology team, credited DOD with being one of the most advanced agencies for information assurance. However, a GAO report released last week said the department lacks policies needed to tightly guard data and ways to enforce the policies it does have. Although the department has an Information Assurance Program, officials don't have a way to measure compliance with the government's security policies, according to the report.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.