Defense Dept. Must Tighten Oversight of Network Users, Says DISA Official
Improvements in cybersecurity across the Defense Department will require tighter internal controls, Air Force Maj. Gen. Ronnie D. Hawkins Jr. said March 31 at the Air Force Association’s "CyberFutures" conference. “We need to look at individual actors, and that’s you and I,” he told an audience of service members and industry representatives.
Hawkins said that every network use must be educated and trained about Internet security. Part of the problem today is that those who make laws and regulations may not fully understand the nuance of cybersecurity. He suggested online training and official certification for everyone — from senior leaders down to the rank and file.
He said that the Pentagon should have a disciplinary structure comparable to an accident review board for matters involving networks. If someone were found to have done something wrong, they could lose their certification, Hawkins said.
The military services need to work closer together in this area, he said. Organizations are sharing information after intrusions and attacks occur, but they are not collaborating on the front end. “We need to break down the silos between the different services,” Hawkins said. Tightening budgets and increasingly more sophisticated attacks should will lead to greater collaboration, he added. “None of us wants our networks attacked,” he said.“None of us wants our intellectual capital stolen.”
Attacks generally come in through the "back door" and, while aimed at similar targets, are perpetrated by individuals with different motives. He pointed to the recent string of attacks launched against organizations that had cut off business with WikiLeaks. The attacks were focused on the same targets but were carried out by a diverse cadre of cyber-intruders, all with their own views on the matter.
Even after a breach has been identified, it is a struggle to know if a network will be safe in the long run. Hawkins cited recent and consistent phishing attacks aimed at Nasdaq as an example. A report, he said, was issued saying that no information was extracted from the Nasdaq’s network during the attack. But that doesn’t mean the intrusion is over, Hawkins said. Those responsible might have just been planting the seeds of a larger operation. “We don’t know when it will be extracted,” he said. “We often don’t know when that attack is going to take place.”