Cybersecurity

Joint Chiefs hack illustrates insufficient cyber defense

Gen. Joseph Dunford said he would devote some time as Joint Chiefs chairman to enhancing the Pentagon's ability to deter adversaries in cyberspace.

The July hack of the Joint Chiefs of Staff's unclassified email network showed that the Defense Department's investments in cybersecurity have been insufficient, said Joint Chiefs Chairman Gen. Joseph Dunford.

The hack, which news reports have attributed to Russian spear phishers, "clearly highlighted for me...that whatever investments we've made in cyber defense to date have not gotten us to where we need to be, and that needs to be an area of continued investment as we move forward," Dunford said Dec. 14 at a Center for a New American Security/Defense One event in Washington.

"When you have that kind of a vulnerability...you really don't have the kind of resilience you need to provide the president with options in the event of a contingency to advance our interests," Dunford added.

After his appearance, the general declined to elaborate on what cybersecurity measures he has put into effect since the email breach. He assumed command Oct. 1, two months after the breach was reported.

The hack forced the Joint Chiefs' unclassified email system off-line for two weeks and drew scrutiny of the staff's security practices. The hackers took advantage of encrypted traffic that the Joint Chiefs were not decrypting and inspecting, a former intelligence official familiar with the network has told FCW. Moreover, the hackers could have been targeting the unclassified network in part because classified data occasionally spills onto it, the former official said.

The Pentagon's cybersecurity budget for fiscal 2015 was $4.97 billion, and it would rise to $5.5 billion under the fiscal 2016 budget request, according to documentation provided by the DOD CIO's office.

Dunford made cybersecurity a policy focus in his previous role as commandant of the Marine Corps; in January, he issued guidance to the Corps that highlighted cybersecurity as a critical domain in which to build capacity.

In his Dec. 14 remarks, Dunford said he would devote some time as Joint Chiefs chairman to enhancing the Pentagon's ability to deter adversaries in cyberspace.

"Clearly, we have challenges in cyber not only to protect ourselves, but also the development of offensive cyber capabilities," he said, adding that "cyber deterrence is an area we probably need to spend some time on."

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected