Cartwright: DOD should focus on security measures, training

Marine Corps Gen. James Cartwright, commander of Strategic Command (Stratcom), said the Defense Department’s worldwide security stand-down Nov. 29 will emphasize that cyberthreats to DOD’s military and civilian computer networks are as real and significant as physical threats to the military’s forces in combat.

“Within this context, Stratcom, through the Joint Task Force for Global Network Operations (JTF-GNO), has taken the opportunity to focus on the importance of sound network security practices, training and measures across the Global Information Grid with a DOD security stand-down,” Cartwright said in an e-mail message. GIG encompasses the military’s voice, video and data networks.

Cartwright said Stratcom identifies and mitigates threats to and vulnerabilities in DOD networks on a daily basis. He added that the command recognizes that it must continue to take steps to protect against a dynamic threat.

DOD’s security stand-down will focus on proper practices for information assurance and network security, including changing passwords, scanning systems and applying patches. During the event, military and civilian employees at the major commands, services and agencies will stand down from their duties and devote attention to better protecting DOD’s data and systems.

Stratcom issued the stand-down order earlier this month. It is one the military’s nine major commands with responsibilities that include overseeing the operation and protection of the military’s networks through JTF-GNO.

However, although Alan Paller, director of research at the SANS Institute, and Eugene Spafford, a computer sciences professor at Purdue University, closely follow DOD computer security matters, they said they did not know about the stand-down.

“It definitely sounds interesting, but it isn’t clear that the news has spread widely or else maybe it isn’t quite so important,” said Spafford, adding that the security stand-down might tie in with National Computer Security Day Nov. 30.

Earlier this year, Federal Computer Week reported that Chinese hackers had accessed DOD networks and obtained military secrets, including future command and control information. DOD officials are now considering new policy and acquisition initiatives to improve information assurance.