Cybersecurity

Joint Chiefs hack illustrates insufficient cyber defense

Gen. Joseph Dunford said he would devote some time as Joint Chiefs chairman to enhancing the Pentagon's ability to deter adversaries in cyberspace.

The July hack of the Joint Chiefs of Staff's unclassified email network showed that the Defense Department's investments in cybersecurity have been insufficient, said Joint Chiefs Chairman Gen. Joseph Dunford.

The hack, which news reports have attributed to Russian spear phishers, "clearly highlighted for me...that whatever investments we've made in cyber defense to date have not gotten us to where we need to be, and that needs to be an area of continued investment as we move forward," Dunford said Dec. 14 at a Center for a New American Security/Defense One event in Washington.

"When you have that kind of a vulnerability...you really don't have the kind of resilience you need to provide the president with options in the event of a contingency to advance our interests," Dunford added.

After his appearance, the general declined to elaborate on what cybersecurity measures he has put into effect since the email breach. He assumed command Oct. 1, two months after the breach was reported.

The hack forced the Joint Chiefs' unclassified email system off-line for two weeks and drew scrutiny of the staff's security practices. The hackers took advantage of encrypted traffic that the Joint Chiefs were not decrypting and inspecting, a former intelligence official familiar with the network has told FCW. Moreover, the hackers could have been targeting the unclassified network in part because classified data occasionally spills onto it, the former official said.

The Pentagon's cybersecurity budget for fiscal 2015 was $4.97 billion, and it would rise to $5.5 billion under the fiscal 2016 budget request, according to documentation provided by the DOD CIO's office.

Dunford made cybersecurity a policy focus in his previous role as commandant of the Marine Corps; in January, he issued guidance to the Corps that highlighted cybersecurity as a critical domain in which to build capacity.

In his Dec. 14 remarks, Dunford said he would devote some time as Joint Chiefs chairman to enhancing the Pentagon's ability to deter adversaries in cyberspace.

"Clearly, we have challenges in cyber not only to protect ourselves, but also the development of offensive cyber capabilities," he said, adding that "cyber deterrence is an area we probably need to spend some time on."

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.