Pentagon Will Seek Cybersecurity Partners in Industry and Academia
“We’re seeing so much activity out there from so many actors,” Bob Butler, deputy assistant defense secretary for cyberpolicy, told reporters at a breakfast meeting in Washington, D.C. “There are nation states, militant groups, a whole lot of other organizations … People everyday find a new way to use the Internet.”
The Defense Department recently took part in Cyber Storm III, an exercise to test the U.S. response to a large-scale cyberattack on critical infrastructure. “The DoD had a role, but it wasn’t the lead role,” Butler noted. The drill included participants from seven U.S. government departments, 12 other countries, and 60 private companies.
Pentagon officials recently brought up the idea of creating a secure network to protect infrastructure such as the nation’s power grids, communications systems and financial markets, all of which rely on the Internet to operate.
“DoD’s focus is about getting into the mix,” Butler said. A proposal to shield government data in a “dot.secure” environment is just one option to deal with the threat.
Some academic institutions are eager to participate.
The Georgia Tech Research Institute this month created a research laboratory that will aid the military with ideas and, maybe, weapons for cyberwar — whatever that might be.
“DoD doesn’t really have a definition for what a cyberwarrior is,” said Bo Rotoloni, acting director of the Cyber Technology and Information Security Laboratory. “What duties and skills would a cyberwarrior have? What tools would he use? You can’t project power [in cyberspace] the way you can by putting an [aircraft] carrier out there.”
Georgia Tech’s cyberlab aims to help the Defense Department define these things and develop a sound “mission-focused cyberdefense,” Rotoloni said.
Researchers in the lab will pursue opportunities with the Pentagon and Department of Homeland Security, as well as local, state and foreign governments. The lab consists of three divisions, one of which focuses on countering adversary information networks.
This division will investigate scenarios of offensive operations in cyberspace, something that military leaders have been reluctant to discuss openly. Researchers at the lab are developing techniques to simulate hostile intrusion attempts into networks. They also have created a program called Spider Sense, which crawls the Internet and automatically exploits websites.
Two of the biggest challenges, Butler said, are determining who is responsible for a cyberattack and who will respond.
“There is no return mail address” attached to an attack, he said. Further, Butler added, the Defense Department is still hashing out with other agencies who has the authority to do what when malicious activity occurs.
Butler said the Defense Department is expected to unveil a new national strategy for cybersecurity operations by year’s end.