President-elect Barack Obama will inherit a Department of Defense increasingly concerned about advance cyber-threats to the nation’s civilian and military information infrastructures, according to a report by the Defense Science Board.
The Board, a federal advisory committee established to provide independent advice to the Secretary of Defense, said in its Nov. 4 report, “Defense Imperatives for the New Administration,” (PDF) that while many cyber-security studies are under way and budgets are being developed under President Bush’s classified National Cyber Security Initiative, much more needs to be done. The National Cyber Security Initiative was begun in January and is estimated to cost as much as $30 billion over the next seven years.
“There has been little actual progress to date in terms of implementing cyber-security improvements against advanced threats,” the report stated. “The options open to adversaries are many and varied.”
In particular, the report singles out the U.S. approach of a “perimeter defense,” placing digital fences around computers, weapons systems or networks to ward off would-be penetrators.
“It has been shown repeatedly that perimeter defenses can be defeated, sometimes by rather unsophisticated attacks and almost always by more advanced approaches,” the report stated. “The United States has highly sophisticated experts, and [when] they have been asked to penetrate our own systems their record of success is 100 percent.”
The board recommends that the new administration “accelerate implementation of near-term, well understood measures to improve cyber-defense,” including the use of automated tools and algorithms to detect suspicious activity, much more frequent upgrades to hardware and software elements of critical systems, and creation of a means of reconstituting the network using an independent communication path not associated with the compromised network.
The panel also expressed concern about space-based security assets that surveillance, communication and navigation services depend heavily upon.
“While many defensive measures will need to be taken over time, we recommend that improvements to space situational awareness be the immediate first step,” the panel said. “Understanding what the threats to our space assets are, where they are and what they may or may not do underlies all other defensive actions.”
The Bush administration has been widely criticized by security experts as de-emphasizing cyber-security and hamstringing the authority of officials in charge of governmentwide cyber-security.
Obama, though, said in July, “As president, I’ll make cyber-security the top priority that it should be in the 21st century. I’ll declare our cyber-infrastructure a strategic asset, and appoint a national cyber-adviser, who will report directly to me.”