The Pentagon plays security catch-up

Individual hackers can hurt national computer systems. Attackers have the advantage over defenders. Attributing attacks to specific groups is difficult.

For cyber security experts, these are obvious points of fact. Yet the U.S. military has only just arrived at these conclusions.

[ Master your security with InfoWorld’s interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld’s Security Central newsletter. | Keeop ahead of the key tech business news with InfoWorld’s Today’s Headlines: First Look newsletter. ]

In a column penned by the U.S. Deputy Secretary of Defense and published in Foreign Affairs, the Pentagon confirmed that a malicious computer program breached classified systems in an incident in 2008. The military’s response — dubbed, believe it or not, Operation Buckshot Yankee — has revamped the way the Pentagon handles cyber defense and operations and resulted in the creation of the U.S. Cyber Command.

Among the Department of Defense’s great realizations during this time: Responding to new attacks is hard when it takes 81 months from funding a security system to powering it on. If Moore’s Law holds true in the future, “this means that by the time systems are delivered, they are already at least four generations behind the state of the art,” writes U.S. Deputy Secretary of Defense William J. Lynn.

At least the policy-statement-as-a-column shows that the Pentagon is putting some serious thought into a hard problem. Currently, the U.S. military considers cyber space to be its own theater of war, albeit one that affects all the others: land, air, sea, and space. While the Department of Defense refrained from outlining its rules of engagement on the Internet — that is, when to attack — the column does spell out that military and government system defense will be more “active.”

The United States has only “begun to broach” the larger question of whether civilian systems, which of course are integral to the Internet’s functioning, will be similarly defended.

This story, “The Pentagon plays security catch-up,” was originally published at InfoWorld.com. Get the first word on important tech news with the InfoWorld Tech Watch blog.