Twitter Facebook Google RSS
 
National Defense > Blog > Posts > Top Scientist Laments Air Force's Poor Awareness in Cyberspace

7/17/2012

Top Scientist Laments Air Force's Poor Awareness in Cyberspace
By Dan Parsons



Every mission the U.S. Air Force takes on is in some way vulnerable to cyber-attacks, but intelligence about these threats is woefully lacking, its chief scientist said.

“Right now we do not have good situational awareness,” said Mark T. Maybury, chief scientist of the Air Force. “Cyber is something we’re dependent upon throughout our entire enterprise," he said July 17 at an Air Force Association breakfast meeting in Arlington, Va. “We have not found a single mission today that is not dependent on cyber.”

To address the growing security concerns within cyberspace, the Air Force has launched Cyber Vision 2025, a project to develop a framework for upgrading the nation’s electronic warfare capabilities over the next decade.

The cybersecurity effort could cost up to $4 billion, but that number is merely half or perhaps a third of what the Defense Department will spend on cybersecurity in the same timeframe, Maybury said. Priorities include protecting information-centric weapon systems such as in the highly computerized F-35 Joint Strike Fighter, he said.

“First and foremost, what we need to do is have better awareness,” Maybury said. “Ideally you want to know not only what’s going on now — who’s where and when — but also, you’d like to be able to predict what they’re likely to do.”

In cyberspace, as on a physical battlefield, “exquisite awareness … is probably impossible,” Maybury said, referring to a situation where a commander knows the movements and intentions of everyone involved in a contingency.

“In some respects it’s more of the same” as gathering intelligence in a physical environment, Maybury said. “But in cyberspace, attacks can be very, very fast” and numerous.
 
“The offense has been industrialized while defense [against cyber-attacks] is still a cottage industry,” he said. “Our adversaries now have the ability to take a piece of software and automatically scan that software looking for vulnerabilities. So, they’re automating ... the attack process. We’re defenders, but to be a good defenders, you’ve got to understand what the bad guy’s going to do to you.”

One problem for U.S. cybersecurity efforts is that the United States is being outpaced in churning out computer scientists, especially by China, its chief rival in cyberspace, analysts said. In 2025, the United States is expected to produce 3,800 computer-science PhDs, half of whom will not remain in the country, Maybury said. China, by that year, will produce 8,500 PhDs annually.

In 2011, there were an estimated 2.9 million unique “threat signatures” that the Air Force identified against U.S. computing systems. That number is expected to climb to as many as 200 million individual threats by 2025, in part because the process of launching cyber-attacks has become more automated, Maybury said.

Computing and data storage are increasingly accomplished with commercial technology. With much of those components and the software they run created overseas, “huge vulnerabilities” are developing that must be anticipated and addressed, Maybury said. Technology designed specifically for military use is no less vulnerable to threats launched from cyberspace.

Nearly all of the military's communications equipment and vehicles have become significantly more automated. Whereas an F-4 Phantom jet of the 1960s was 5 percent computerized, the F-35 Joint Strike Fighter is 90 percent automated and every one of its computer systems is a potential soft spot for hackers, Maybury said.

The nation also must worry about protecting critical civilian infrastructure, he said. Citing the mid-July storms that left much of the Washington, D.C., area without power for several days, Maybury said “it unfortunately would not take a lot” to duplicate such results with a well-coordinated cyber-attack.

The Air Force has taken the lead on shoring up U.S. defenses against cyber-attacks. “We’re expected to do this, it’s our mission,” he said. “We also believe we can do it. Also, an important aspect is not only have we been asked to do it … no one else is doing it.”
 
Posted at 1:56 PM by Dan Parsons | Permalink | Email this Post | Comments (0)

Comments

There are no comments yet for this post.
Items on this list require content approval. Your submission will not appear in public views until approved by someone with proper rights. More information on content approval.

Name: *

eMail *

Comment *

Title

Attachments

Name: *


eMail *


Comment *


 

Refresh
Please enter the text displayed in the image.
The picture contains 6 characters.

Characters *

  

Legal Notice *

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.

 

 

Bookmark and Share