Joint Chiefs hack illustrates insufficient cyber defense
- By Sean Lyngaas
- Dec 14, 2015
Gen. Joseph Dunford said he would devote some time as Joint Chiefs chairman to enhancing the Pentagon's ability to deter adversaries in cyberspace.
The July hack of the Joint Chiefs of Staff's unclassified email network showed that the Defense Department's investments in cybersecurity have been insufficient, said Joint Chiefs Chairman Gen. Joseph Dunford.
The hack, which news reports have attributed to Russian spear phishers, "clearly highlighted for me...that whatever investments we've made in cyber defense to date have not gotten us to where we need to be, and that needs to be an area of continued investment as we move forward," Dunford said Dec. 14 at a Center for a New American Security/Defense One event in Washington.
"When you have that kind of a vulnerability...you really don't have the kind of resilience you need to provide the president with options in the event of a contingency to advance our interests," Dunford added.
After his appearance, the general declined to elaborate on what cybersecurity measures he has put into effect since the email breach. He assumed command Oct. 1, two months after the breach was reported.
The hack forced the Joint Chiefs' unclassified email system off-line for two weeks and drew scrutiny of the staff's security practices. The hackers took advantage of encrypted traffic that the Joint Chiefs were not decrypting and inspecting, a former intelligence official familiar with the network has told FCW. Moreover, the hackers could have been targeting the unclassified network in part because classified data occasionally spills onto it, the former official said.
The Pentagon's cybersecurity budget for fiscal 2015 was $4.97 billion, and it would rise to $5.5 billion under the fiscal 2016 budget request, according to documentation provided by the DOD CIO's office.
Dunford made cybersecurity a policy focus in his previous role as commandant of the Marine Corps; in January, he issued guidance to the Corps that highlighted cybersecurity as a critical domain in which to build capacity.
In his Dec. 14 remarks, Dunford said he would devote some time as Joint Chiefs chairman to enhancing the Pentagon's ability to deter adversaries in cyberspace.
"Clearly, we have challenges in cyber not only to protect ourselves, but also the development of offensive cyber capabilities," he said, adding that "cyber deterrence is an area we probably need to spend some time on."
Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.
Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.
Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.