Grey Havoc

ACCESS: USAP
Senior Member
Joined
9 October 2009
Messages
21,147
Reaction score
12,249
Via the Drudge Report:

Pentagon to boost cybersecurity force (Washington Post)

The Pentagon has approved a major expansion of its cybersecurity force over the next several years, increasing its size more than fivefold to bolster the nation’s ability to defend critical computer systems and conduct offensive computer operations against foreign adversaries, according to U.S. officials.

The move, requested by the head of the Defense Department’s Cyber Command, is part of an effort to turn an organization that has focused largely on defensive measures into the equivalent of an Internet-era fighting force. The command, made up of about 900 personnel, will expand to include 4,900 troops and civilians.

Details of the plan have not been finalized, but the decision to expand the Cyber Command was made by senior Pentagon officials late last year in recognition of a growing threat in cyberspace, said officials, who spoke on the condition of anonymity because the expansion has not been formally announced. The gravity of that threat, they said, has been highlighted by a string of sabotage attacks, including one in which a virus was used to wipe dat a from more than 30,000 computers at a Saudi Arabian state oil company last summer.

The plan calls for the creation of three types of forces under the Cyber Command: “national mission forces” to protect computer systems that undergird electrical grids, power plants and other infrastructure deemed critical to national and economic security; “combat mission forces” to help commanders abroad plan and execute attacks or other offensive operations; and “cyber protection forces” to fortify the Defense Department’s networks.

Targeting ‘malicious actors’

Although the command was established three years ago for some of these purposes, it has largely been consumed by the need to develop policy and legal frameworks and ensure that the military networks are defended. Current and former defense officials said the plan will allow the command to better fulfill its mission.

“Given the malicious actors that are out there and the development of the technology, in my mind, there’s little doubt that some adversary is going to attempt a significant cyberattack on the United States at some point,” said William J. Lynn III, a former deputy defense secretary who helped fashion the Pentagon’s cybersecurity strategy. “The only question is whether we’re going to take the necessary steps like this one to deflect the impact of the attack in advance or . . . read about the steps we should have taken in some post-attack commission report.”

Although generally agreed to by the military’s service chiefs, the plan has raised concerns about how the Army, Navy, Marines and Air Force will find so many qualified cybersecurity personnel and train them. It also raises deeper issues — which are likely to intensify as the Cyber Command grows over the years — about how closely the command should be aligned with the National Security Agency, the giant electronic-spying agency that provides much of its intelligence support.

The head of the Cyber Command, Gen. Keith B. Alexander, is also the director of the NSA, which employs some of the nation’s most advanced cyber-operations specialists.

The new force structure was alluded to last fall in a major speech by Defense Secretary Leon E. Panetta, who said, “Our mission is to defend the nation,” and noted that the department was “putting in place the policies and organizations we need to execute the mission.”


Hmmmm.
 
http://www.washingtonpost.com/world/national-security/white-house-to-preserve-controversial-policy-on-nsa-cyber-command-leadership/2013/12/13/4bb56a48-6403-11e3-a373-0f9f2d1c2b61_story.html
 
 

DoD releases zero-trust strategy to thwart hackers who ‘often’ breach network ‘perimeter’​

After months of teasing its zero-trust strategy, the Defense Department today released its plan outlining what it’ll take to achieve “targeted zero trust” by fiscal 2027 to address current threats, including those posed by adversaries like China — starting with a zero-trust cloud pilot this fiscal year.
“With zero trust we are assuming that a network is already compromised and through recurring user authentication and authentic authorization, we will thwart and frustrate an adversary from moving through a network and also quickly identify them and mitigate damage and the vulnerability they may have exploited,”
The strategy is broken down into types of zero-trust goals: “targeted” zero trust, which is a required minimal set of activities DoD and its components need to achieve by FY27, and “advanced” zero trust, which provides the highest level of protection
“So we defined target as that level of ability where we’re actually containing, slowing down or stopping the adversary from exploiting our networks,” Resnick said. “So compared to today, where an adversary could do an attack and then go laterally through the network frequently under the noise floor of detection, with zero trust, that’s not going to be possible.”
 
Hopefully with this new strategy they might be truly able from now in preventing the would be hackers from doing anything they want after god knows how many times US military networks have been breached and instead ruin their day with something that resembles this scenario
 

Similar threads

Please donate to support the forum.

Back
Top Bottom