National Defense > Blog > Posts > Air Force to Increase Cybersecurity Spending: Focus on Software and Data Protection

6/7/2010

Air Force to Increase Cybersecurity Spending: Focus on Software and Data Protection
The Air Force is seeking a $300 million boost to its $2 billion information-technology budget to pay for cybersecurity programs.

The extra money will target projects such as encrypting software that is used on mobile devices and securing data on social networks.

“We had been focused on protecting the network, but … the threat is now in the applications and the data,” said Air Force Lt. Gen. William T. Lord, chief of war-fighting integration and chief information officer.

Lord spoke to IT industry representatives at a FedSources executive breakfast.

There are 19,000 software applications in the Air Force, Lord said. Each piece of software comes with hundreds of “vulnerabilities,” he said. Part of the $300 million budget increase, he said, will be spent on eliminating vulnerabilities in off-the-shelf applications.

Lord also said he is looking for contractor help in figuring out how to protect data within the context of social media, which are becoming standard in the Air Force’s day-to-day business.

Mobile applications and the integration of mobile devices into the Air Force infrastructure is another priority, Lord said.

“We need communications on the move,” he told contractors. “Help us understand how we can take big [enterprise resource planning] ERP systems and make them small applications that we carry around,” he said. “And, help us understand and deal with the security implications of those new edge devices.”

The problem, he said, is not in the devices end but rather in the infrastructure. Mobile devices are becoming essential to critical military operations, he said, and must be more effectively and securely incorporated into the Air Force IT infrastructure.

Lord said it is becoming more difficult to procure cybersecurity capabilities because many of the processes, products, and procedures involved in enhancing cyberdefenses fall outside the realm of traditional IT.

Just about every aspect of Air Force operations now requires the protection of cyberspace, Lord noted. Air Force pilots now fly Predator unmanned aircraft over Afghanistan from bases in Nevada. “That’s a 9,000-mile thread,” Lord said. The challenge is to ensure that the information systems that support these operations are always available and safe from intrusions or attacks, he added.

Lord said the Air Force soon will have a new “chief technology officer” to help oversee cybersecurity programs. Currently Kent Werner serves both as CTO and as director of enterprise transformation. Lord wants to have a dedicated CTO who can work more closely with industry.

The Air Force’s plans to boost spending on cybersecurity come amid a broader Pentagon-wide review of IT acquisition that was mandated by Congress in the Fiscal Year 2010 National Defense Authorization Act.

Frank Kendall, the Pentagon’s No. 2 acquisition official, is in charge of drafting a new acquisition process for IT systems, which is due on Capitol Hill in July.

Lawmakers have criticized the Pentagon’s IT acquisition process for being too slow and overly bureaucratized. As a result, the Defense Department often fields technologically outdated systems. This is a significant concern in cybersecurity because technologies must keep pace with the potential threats. Congress also questioned the fragmented oversight of IT acquisitions, which are under the purview of Ashton Carter, undersecretary of defense for acquisition, technology and logistics; and of the assistant secretary of defense for networks and information integration.

The Air Force, as well as the other military services, not only is ramping up its own cyberdefense efforts but being asked to help the new U.S. Cyber Command enhance defensive measures across the entire Defense Department. Cybercom, for instance, is seeking to achieve an “integrated common operating picture” of the entire defense cyber domain.

A major hurdle for Cyber Command is that it lacks comprehensive visibility of the military’s cyberspace, which limits its capacity to prevent attacks, said Army Lt. Gen. Keith Alexander, head of Cyber Command. “We need real-time situational awareness in our networks so if we see something we can take action in real time,” said Alexander in a speech last week.

Defense contractors often advertise software products that provide such awareness, but these magic solutions don’t yet exist, said Alexander. “We do not have a common operating picture for our networks,” he said. “We need to build that.”

Companies say they are working on it, “but we don’t have it, not in the breadth that we need,” said Alexander.

Plugging this gap will require not just new technology but also extensive coordination among the military services and other federal agencies, he said.
Posted at 2:47 PM by Sandra Erwin | Permalink | Email this Post | Comments (0)

Comments

There are no comments yet for this post.
Items on this list require content approval. Your submission will not appear in public views until approved by someone with proper rights. More information on content approval.

Name: *

eMail *

Comment *

Title

Attachments

Name: *


eMail *


Comment *


 

Refresh
Please enter the text displayed in the image.
The picture contains 6 characters.

Characters *

  

Legal Notice *

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.

 

 

Bookmark and Share