U.S. Military Not Keeping Pace With Cyber Threats, Army Official Says
The U.S. military simply isn’t able to keep up with threats generated by hackers and cyber spies, an Army official said Oct. 14.
“On one hand we can feel very positive of our pace of progress that we’re making, but when you put that in context of what the threat is and the pace of change of the threat and the significance of the threat, you can’t but come to the conclusion that we’re not making progress at the pace the threat demands,” said Ronald Pontius, deputy to Army Cyber Command’s commanding general.
Over the past year there has been “tremendous progress” in the Army’s cyber defenses but more work still needs to be done, he said during a media briefing at the Association of the United States Army’s annual meeting in Washington, D.C.
Command Sgt. Maj. Rodney Harris said Army Cyber Command’s success at thwarting cyber intrusions couldn’t be measured by numbers alone.
“I don’t think you can say that we measure it by [the] number of adversaries we’re catching because they’ll always be there. You’ll always have vulnerabilities and you’re always going to have people in your networks,” he said.
However, because of the expertise of agencies such as U.S. Cyber Command, the country is safer. For instance, Harris referred to a major cyber attack this summer when the Pentagon’s Joint Staff had its email compromised.
“If that would have happened before we had the capability we have now there’s no telling how long that adversary would have been in the Joint Staff network,” he said. “It could have cost [a lot more] or could have been a lot more significant, although when you penetrated the Joint Staff network that’s significant in and of itself.”
It’s not about getting to a point where there are no attacks, Harris said. Rather, it’s about working to protect networks and weapon systems now.
Pontius said there is increasing recognition within the military that cyber must be dealt with at the highest echelons of a command. Cyber issues can no longer be regulated to just chief information officers. Operational commanders must be responsible for their own network, data and systems, he said.
The United States faces a “full spectrum” of cyber threats, he said.
“There’s the nation states, down to the … criminals [and] hacktivists,” he said. “There’s a whole realm of threats that we really have to be prepared for and in many cases in this environment that advantage is really to the threat actors because they only need to find one avenue to getting into your network or your data or your systems where we have to protect it all.”
Army Cyber Command is looking for ways to balance the threat with the reality that systems cannot always be fully protected, he said.
“The reality is you can’t 100 percent defend everything but you need to do best practices that are able to deal with about 80 percent of the threat from a defense point of view,” he said.