Pentagon Seeks More Cybersecurity Funding

Pentagon Seeks More Cybersecurity Funding

The Pentagon wants more funding to protect its computer networks from attack as Congress considers legislation to allow intelligence agencies to share information about potential threats with the private sector.

The Defense Department’s spending on so-called cyberspace operations would jump 21 percent to $4.7 billion in fiscal 2014, which begins Oct. 1. The figures are part of President Barack Obama’s budget request, released on April 10, two months after the statutory deadline.

While the budget proposal may not get much traction in Congress due to the gulf between Republicans and Democrats over taxes and spending, there is some bipartisan agreement that the Pentagon should increase its investment in priorities such as cybersecurity.


The House on April 17 is expected to debate the Cyber Intelligence Sharing and Protection Act. The bill, H.R. 624, was sponsored by Rep. Mike Rogers, R-Mich., chairman of the House Intelligence Committee, and co-sponsored by Rep. C.A. “Dutch” Ruppersberger, D-Md., the panel’s ranking member.

The legislation would allow agencies such as the Defense Department and National Security Agency to share anonymous information about cyber threats with the private sector. Like government agencies, companies from Google Inc. to Lockheed Martin Corp., the world’s largest defense contractor, have been targeted in computer attacks traced to groups in China and other countries.

Lockheed and L-3 Communications Holdings Inc. in 2011 had their networks disrupted after hackers gained codes to authenticating devices called RSA SecurID made by EMC Corp. (The tokens are also used by Military.com’s parent company, Monster Worldwide Inc.).

A Chinese espionage group since 2006 has stolen hundreds of terabytes of information from at least 141 companies across 20 major industries, including aerospace and defense, according to a February report from Mandiant, a closely held company based in Alexandria that sells information-security services.

Cyber theft is estimated to cost as much as $400 billion in economic losses a year and “many of the same vulnerabilities used to steal trade secrets can be used to attack the critical infrastructure we depend on every day,” according to a background briefing on the legislation.

The defense budget proposes increasing the department’s “investments in its cyber workforce,” Defense Secretary Chuck Hagel said during last week’s budget briefing.

The Pentagon over the next three years plans to hire more military and civilian personnel and contractors at U.S. Cyber Command. The employees will be part of regional teams in Maryland, Texas, Georgia and Hawaii.

The department is building a joint operations center for the command at Fort Meade, Maryland. Construction is slated to begin in 2014, with tenants occupying the facility in 2017.

The military will fund efforts to automatically detect vulnerabilities on classified networks, buy software that looks for suspect files, and support other operations to “detect, deter and, if directed, respond to threats,” according to an overview of the budget.

The boost in cybersecurity funding is part of a larger trend across the federal government. The Obama administration’s budget would spend more than $13 billion on such programs. That amounts to about 16 percent of the government’s $82 billion information-technology budget.

Join the Conversation

We don’t need billions of dollars and thousands of military personnel to secure the DoD networks, you simply make the networks private i.e DO NOT CONNECT TO THE THE PUBLIC INTERNET you big dummies!!!

It doesn’t take a PhD to figure out that as all long as there is is a connection between two networks, the hackers will get it, no matter how good your “security” is. Internet security is only an illusion.

For the army itself, this is already in place. There is a physical “Air Gap” (I.e. No wire) between the military intranet and the public internet. However, this cannot be said about contractors and malware that migrates on portable drives. Also, anything useful in cybersecurity is useful in cyberwarfare.

There’s no such thing as that “Air Gap”, “Jcross” — it’s been well-bridged by both ubiquitous wifi, and those pesky little “porta-drives”…and, “Big-Dean”, there really isn’t enough TIN CANS & STRING to make that “private network” you imagine MIGHT exist somewhere…Unless you propose a fully-wired, BRICKED “Wall-of-China” around CONUS…

No, sorry, the Global Internet is here to stay — thank God — and it must be always resilient, robust, inter-operative, and, SECURE…That’s gonna cost $Billions, and better we DO cut the SocSec COLAS, than sacrifice our childrens’ safe, secure, WIRED FUTURE, even if those “wires” are fiber-optic cabling…Either we DROWN in the waves of the FUTURE, or, WE SURF them… I’d rather “hang ten”, so, cow-a-bunga, dudes…

No, this is mistaken. There is a Air Gap for the classified intranets, most notably SIPRnet only penetrable by authorized personnel with removable drives. The leaks are a good example, they weren’t downloaded to a website, they were burned to discs (Music CD-RWs) from a secure terminal and then smuggled away. Not internet, Sneaker-net.

Yes, Jcross is correct, highly sensitive systems are airwalled. That said, air gaps do not work for all systems, and some simply need connectivity. I cannot comment on military systems because I do not know the corporate “requirements” in place for those, but for things like industrial control, “SCADA”, and separately healthcare fields and educational entities (universities), I can tell people that airwalling is often not practiced. But before anyone leaps to conclusions about how insecure that supposedly is, I’d warn you all to actually *understand* how break-ins and data loss occurs and why it’s simply not a big deal for systems in *those* fields to not be air gapped. It’s simply not a bad thing that that’s not practiced. No offense to commentor Big-Dean up above, but the oversimplification that a connected computer will inevitably be broken into is sheer myth. That badly misunderstands how layered defenses, monitoring/detection, and mitigation processes work.

A truly secure system doesn’t have to rely on airwalling. In fact, that could bestow an illusion of security without actually being secure. I’d be far less concerned about a well monitored system with smart, layered defenses in front of them and administrators wielding proper monitoring, mitigation, and recovery plans behind them being connected to the internet than I would an system that was airwalled but had only moderate physical security. Airwalling doesn’t mean jack if you don’t properly practice the critical controls. But a computer with a fat pipe connecting it is very secure if it’s administered properly, and no matter that it’s connected to the world.

Too much can be made of airwalling. And too many outside the field think too highly of malicious intruders abilities and not enough of truly educated and experienced administrators. Take a close look at many of the “hacking” stories you see and tell me what level of penetration was actually achieved. Too often, it’s nowhere near as bad as the press likes to exaggerate it to. I could care less if an intruder got the same level of access my janitor does.

This is much better said than the rather brief commentary that I made. Proper encryption and UAC is much more important when dealing with intrusions. The SIPRnet was actually a good example of poor administration. One the airwall was penetrated, one user downloaded a truly absurd amount of classified information with very little interruption.

yes reminds me of the Johnny Walker days takn pics of crypto to sell, now its removable devices that are the leaks, I also wonder if a PC is made in say China is there already some type of spy bot already inbedded in the systems hardware, how do we know if the pc we buy at the echange is not already loaded with spybots?????????

Part of our problem is the fragmentation that comes from system bunkering and secure silos. As suggested in the article, DOD, NSA and others have valuable information that, if shared securely, could prevent cyber attacks — or perhaps exploding pressure cookers. We need the network. The half-life of information declines as the threat escalates.

I wonder what intelligence our enemies are obtaining reading all of these comments? Do you really need to discuss this in an open public forum?

I think the decision to fund an extra 21 percent for cyber warfare is a good decision. We need to spend the money right. In my opinion we don’t have enough cyber sureties, a recruitment of one million cyber sureties over the next five years and the building of new training facilities would be top priority if I was in the pentagon. Nobody will probably read this but it’s the thought that counts. If we don’t train mass amounts of airmen for this job china and other coutries such as india will become more powerfull than our great country the United States of America.

Don’t laugh — but there could be some truth to this.….…. This message will self-destruct in 5 seconds. No one had these type of problems years ago, and there is something to be said about that. Also, I believe in the KISS method, as in keep it simple stupid. You simply do not use the net (inter or intra) for this stuff. It;s like posting TOP SECRET information on the net to everyone with no clearance. Take the challenge away and by by superhackers. Better yet, decoy false information in the current method. The best offense is the best defense. If there is a way to make it, there is a way to break it. Like, every action has an equal and opposite reaction.

*required

NOTE: Comments are limited to 2500 characters and spaces.

By commenting on this topic you agree to the terms and conditions of our User Agreement

AdChoices | Like us on , follow us on and join us on Google+
© 2014 Military Advantage
A Monster Company.