Cyber Defense Cost Pentagon $100 Million in Six Months, Officials Say
By Jim Garamone
American Forces Press Service
WASHINGTON, April 8, 2009 Defending the Defense Department’s global information grid from attacks cost the U.S. military more than $100 million over the past six months, U.S. Strategic Command officials said yesterday.
Air Force Gen. Kevin P. Chilton, Stratcom commander, and Army Brig. Gen. John Davis, deputy commander of Joint Task Force Global Network Operations, spoke from a cyber security conference in Omaha, Neb.
Chilton said Stratcom – charged with overseeing cyber operations – needs to treat computer network operations just as commanders treat operations on the land, in the air or on the sea. Defense Department networks are attacked thousands of times a day, he said. The attacks run the gamut from “bored teenagers to the nation state with criminal elements sandwiched in there.”
The motives of those attacking the networks go from just plain vandalism to theft of money or information to espionage. Protecting the networks is a huge challenge for the command, Chilton said.
“Pay me now or pay me later,” Davis said in assessing how to handle the threat. “In the last six months, we spent more than $100 million reacting to things on our networks after the fact. It would be nice to spend that money proactively to put things in place so we’d be more active and proactive in posture rather than cleaning up after the fact.”
Davis’ command is responsible for defensive and offensive operations in cyberspace. The expenses were in manpower, time, contractors, tools, technology and procedures, he said.
Training is needed for personnel to launch both defensive and offensive operations, Chilton said. “We need to train all our folks and we need high-end skill training,” he said.
Stratcom operates the Defense Department’s global information grid, Chilton noted. “We also have the responsibility to plan for and when directed to conduct offensive operations,” he said. “As in all domains, a good defense relies on a good offense.”
As in land, sea and air domains, the United States wants to retain freedom of action in the cyber domain, Chilton said. “We need to have the tools, skills and expertise in a time of conflict so we can maintain our freedom of action,” he said.
Chilton said Defense Department personnel need to change the way they think about cyberspace. “It’s not just a convenience. It’s a dependency that we have,” he said. “We need to change the way we conduct ourselves in cyberspace and hold our military folks to the same high standards that we hold our air, land and sea operators to.”
A prohibition on using so-called “thumb-drives” and other portable data storage devices on Defense Department computers will remain in effect, Davis said. “I don’t think anybody realizes how much better shape we’d be in if we just did the basics right,” he said. “People need to just apply the basic rules and procedures that have been put in place to protect ourselves.”
While this won’t stop the more sophisticated threats, “it sure will get rid of the thousands of things that clutter the environment,” Davis said.