It is no secret that the U.S. Department of Defense is seeking ways to better safeguard sensitive information against the growing threat of cyber theft. Three recent announcements outline some of the specific steps DoD is taking to beef up those defenses.
On Oct. 24, DoD unveiled new measures to protect “unclassified controlled technical information” concerning defense systems requirements, concepts of operations, technologies, designs, engineering, systems production and component manufacturing. The measures include: developing policies, guidance and rules to improve the protection of technical information that resides on or passes through defense contractor systems or networks; requiring defense contractors to incorporate established security standards on their networks and report cyber intrusions that result in the loss of sensitive information; setting up a joint analysis cell, led by the Pentagon acquisition chief, to assess losses of technical information; and identifying critical acquisition and technology programs that require more protection.
Sensitive unclassified information is being targeted by potential adversaries, and losing it could harm national security even though it lacks the “classified” designation, the department said. The problem was underscored by the recent theft of unclassified data about the F-35 fighter jet program.
“The opportunity to gain access to sensitive unclassified information is simply too unconstrained, and we must rethink how we safeguard our technical information,” DoD spokeswoman Jennifer Elzea said. “The department must be sure that unclassified controlled technical information is protected from network intrusion and that any consequences associated with loss of this information are assessed and minimized.”
DoD’s research arm, the Defense Advanced Research Projects Agency (DARPA), also has a new cyber initiative in the works. On Oct. 22, DARPA announced it will hold the Cyber Grand Challenge, a tournament intended to encourage advances in detecting and fixing security flaws in computer networks. Teams will compete for a $2-million grand prize.
The goal of the multi-year activity is “to vastly improve the speed and effectiveness of [information technology] security against escalating cyber threats,” DARPA said.
DoD is not limiting its cybersecurity efforts to U.S. territory. On Oct. 23, Defense Secretary Chuck Hagel announced that NATO’s new Computer Incident Response Center, which is designed to defend allied computer networks against cyber intrusion, will achieve its full operational capability the week of Oct. 27. Speaking to reporters after attending a meeting of NATO defense ministers in Brussels, Hagel also revealed that the United States backs a proposal for the center to have teams of experts that can deploy quickly to help NATO nations deal with cyber intrusions or attacks.
“It was agreed that the alliance must do more to deal with cyber threats,” he said, “and this will remain a top priority going forward.”