Transcom head warns of cyber risks to civilian infrastructure

Air Force Gen. Darren McDew, head of the U.S. Transportation Command, told lawmakers at that the commercial companies the military depends on to move troops and material are too vulnerable to cyberattacks.

The U.S. military relies heavily on the commercial transportation sector when it comes to large-scale troop mobilization, McDew said at an April 10 hearing of the Senate Armed Services Committee. McDew said that commercial carriers supply 90 percent of the capacity to take troops to war, and 40 percent of material movement is accomplished with vendors in the cargo industry.

While the Department of Defense is able to impose strict cybersecurity standards on its own systems, it has limited capacity to bring contractors up to those same security levels.

"The ones most vulnerable are the ones I don't own," McDew said. "That’s commercial industry."

Cyberattacks don't have to knock planes out of the sky or incapacitate cargo ships to be successful. Even attacks that appear to simply have nuisance value can harm the U.S. military's ability to respond in a time of war.

"The reality of our time is that adversaries no longer have to stop us with bombs or bullets; all they have to do is slow us down with ones and zeroes," McDew said. He went on to specify that "every one of our potential adversaries understands our vulnerabilities in rail."

McDew noted that Transcom has the authority to inspect cyber defenses at contractors. "That's a relatively new one that we've not exercised yet," he said. But McDew noted that without national cybersecurity standards, the command may have problems attracting vendors who are willing to commit to securing their systems.

"We put cyber standards in every one of our contracts. They're not as stringent as we want them to be, but we're trying to work with industry to bring them along," McDew said. "If we push them too fast and too hard, without the help of Congress and a national standard, I'm not sure they'll stick with us."

U.S. Transcom is also taking a leadership role in cloud computing. In his written testimony, McDew said that already 25 percent of Transcom programs and applications are in the cloud and that the command is serving as a "pathfinder" for the Defense Department. The command "is setting conditions for success for the rest of the DOD," McDew said. "We'll proudly continue to serve as the pathfinder for defense cloud computing. Moving to the cloud not only improves security, it is also a key requirement in harnessing the power of data."

McDew did not mention and was not asked about a recent Pentagon move to scale back a $950 million cloud contract with Amazon reseller REAN Cloud. The deal was made under "other transaction authority,"  but it was protested by Oracle and eventually rescoped.

Cloud adoption is just one piece of a larger technological transformation planned for Transcom. The agency has partnered with the Defense Innovation Unit Experimental (DIUx), the  Defense Digital Services and the Strategic Capabilities Office to plan an enterprise "data lake" and tap artificial intelligence, machine learning and autonomous systems.

"Focusing on these technologies will also allow the enterprise to pursue a future in autonomous systems -- trucks that drive themselves, ships that can navigate oceans without human inputs and wide-body aircraft that can land on their own," McDew said.