Cybersecurity

DISA chief: We're in 'an economic cyber cold war'

Alan Lynn

DISA's Lt. Gen. Alan Lynn said officials believe adversaries will attack the country's industrial control systems "as a prelude to war."

The U.S. government is fighting at least a two-front cyberwar right now, according to a top Pentagon official. The challenges involve the daily fending off of millions of attacks on defense networks and the slow burn of economic espionage carried out by adversaries.

"I believe there's an economic cyber cold war playing out right now," said Lt. Gen. Alan Lynn, director of the Defense Information Systems Agency. He made the comments Nov. 18 at CyberCon 2015, an event sponsored by Federal Times and C4ISR and Networks in Arlington, Va.

Lynn, who is also commander of DISA's Joint Force Headquarters DOD Information Networks, asked the audience of contractors and defense officials to imagine an adversary whose goal is to, over time, "erode global consumer confidence in U.S. ...wholesale goods and businesses."

That was perhaps a thinly veiled reference to China, which the Pentagon, lawmakers and Justice Department officials have accused of stealing U.S. intellectual property.

Another front in the ongoing contest for cyberspace is manifested in adversaries' attempts to infiltrate the industrial control systems that run the U.S. power grid. "We expect a cyberattack as a prelude to war," Lynn said.

"No one knows where the red line is yet," he added. "When do you cross the line that starts a kinetic war?"

Adm. Michael Rogers, commander of U.S. Cyber Command, has told Congress that a major cyberattack from a nation-state or rogue group will likely hit U.S. critical infrastructure networks before 2025.

Lynn said that during his first 30 days on the job, he was occupied with dealing with cyberattacks on the Joint Chiefs of Staff, whose unclassified email network was breached around that time in an attack reportedly carried out by Russian spear phishers.

Later in the conference, Homeland Security Secretary Jeh Johnson underscored the threat of spear phishing to the .gov, .mil and other domains.

"Perhaps the single most effective thing we can do to improve cybersecurity is actually pretty simple: raise the awareness of everyone who uses your systems to the dangers of spear phishing," Johnson said.

Contractors in the crosshairs

Earlier this month, it was revealed that DISA contractor NetCracker Technology had outsourced software-writing work to Russian programmers, which left U.S. military communications systems vulnerable.

"On at least one occasion, numerous viruses were loaded onto the DISA network as a result of code written by the Russian programmers and installed on servers in the DISA secure system," former NetCracker employee John Kingsley said in court documents from March 2011 that were unsealed recently and first reported on by the Center for Public Integrity.

The complaint triggered a four-year investigation that culminated with NetCracker and Computer Sciences Corp., which had subcontracted the work, agreeing to pay a combined $12.75 million in civil penalties. Both firms denied any wrongdoing.

At the Federal Times conference, Lynn declined to comment on the allegations and instead said all contractors have "to be held accountable for their actions on the network."

Costs will likely be imposed on contractors who fail to uphold DISA's security standards, he added.

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.