‘Automated scorecard’ to build up a picture of US military system vulnerabilities to help prioritise fixes
The US Military is to build a massive database of system vulnerabilities in order to track threats to critical systems and remain one step ahead of hackers.
The Pentagon said that its cyber ‘scorecard’ will assess and identify flaws in American military computer networks, weapons systems, and installations.
The thinking is that this scorecard will help officials prioritise how to fix them, the deputy commander of US Cyber Command told Reuters on Thursday.
Air Force Lieutenant General Kevin McLaughlin reportedly said that US officials should reach agreement on a framework within months. The long-term aim is to turn the system into an automated “scorecard”.
Earlier this year the Pentagon warned that future weapon platforms needed to be secured against any form of cyber intrusion. The US military has previously admitted that cyber attacks on US weapons programs and manufacturers are a “pervasive” problem that requires greater attention.
The new scorecard system will initially be compiled by hand, but McLaughlin said that the goal is to create a fully automated system that would help defence officials instantaneously detect and respond to cyber attacks.
McLaughlin, speaking at the annual Billington Cybersecurity Summit, also said that the US Cyber Command had already set up about half of 133 planned cyber response teams with about 6,200 people, and all of them would achieve an initial operational capability by the end of 2016.
The initial focus of the new scorecard system will be on the greatest threats, including elderly weapons systems developed 30 years ago, before the advent of cyber hacking, as well as newer systems that are simply not secure enough.
“There’s probably not enough money in the world to fix all those things, but the question is what’s most important, where should we put our resources as we eat the elephant one bite at a time,” he is quoted as saying.
According to McLaughlin, the scorecard was initially intended to look at weapons and networks, but the Pentagon has now broadened its remit to take a wider approach, which also includes how data is moved between different agencies within the US military.
The Pentagon has made no secret about the fact that it believes that foreign nations such as China and Russia are carrying out cyber-attacks against US defense systems and contractors. Indeed, cyber attacks against US defence contractors have been ongoing for a number of years now.
In 2011, the Pentagon admitted that a foreign government was behind a cyber-attack against US military computers that led to 24,000 files being stolen from a defence contractor.
In 2012, the White House was forced to deny reports that critical information had been stolen after reports suggested that Chinese hackers had penetrated US systems used to access nuclear secrets.
In 2013, a confidential report for the Pentagon, produced by the Defense Science Board, revealed that more than 24 major weapons designs belonging to the US had been pilfered by Chinese hackers, including ones deemed critical to America’s defensive and offensive operations. The stolen information concerned US missile defenses, combat aircraft and ships.
And in January this year, the Defense Department’s chief weapons tester told the US Congress that nearly every US weapons programme showed “significant vulnerabilities” to cyber attacks, including misconfigured, unpatched and outdated software.
Indeed, so serious has the issue become that President Barack Obama has included a demand in his fiscal 2016 budget proposal for $14bn (£9.23bn) to bolster cybersecurity protection. That money would be used to protect federal and private networks from hacking threats. And it seems that $5.5bn (£3.6bn) of that money alone would be used to secure the Pentagon.
The Pentagon has previously said that the United States military has the right to retaliate with military force against a cyber-attack.