Forwarded From: Gary Porter <grporter@nps.navy.mil>
Federal Computer Week
JULY 13, 1998
DOD preps office for cyberdefense
BY DANIEL M. VERTON (dan_verton@fcw.com)
The Defense Department plans to create a new military organization to
spearhead DOD's effort to protect the nation's critical computer systems
against information warfare attacks, marking the first time DOD has taken
responsibility for protecting infrastructure within the United States.
Under the plan, which is now being finalized, DOD will establish a new
organization under the assistant secretary of Defense for command,
control, communications and intelligence, according to Deputy Secretary of
Defense John J. Hamre, who spoke last month at the Defense Special Weapons
Agency (DSWA) Annual International Conference on Controlling Arms.
The announcement of the office comes at a time when DOD is planning the
reorganization of the ASD/C3I office.The new organization will oversee
DOD's role in protecting the nation's critical information infrastructure,
such as those computer systems that operate electric and natural-gas
utilities, air traffic control, telecommunications and weapons systems.
Although DOD is responsible for defending against attacks to locks and
dams in the United States, defense of all other infrastructure is the
responsibility of national and local law enforcement agencies. "I believe
that's an artificial distinction," Hamre told conference attendees.
"Cyberspace doesn't know geographical boundaries."
DOD officials met this past weekend to discuss the new organization but
declined to comment last week.
The Pentagon also is considering the formation of a reserve cadre of
"cyberdefense warriors," who would have hands-on responsibility for
protecting the nation's sensitive information networks and systems from
information warfare attacks.
According to an industry source familiar with the project, about 300
Ph.D.-carrying reservists would work from home computers that would be
tied into high-speed communications links. DOD has budgeted $10 million to
jump-start the effort, the source said.Dan Kuehl, chairman of the
Information Operations Department of the Information Resources Management
College of the National Defense University, said, "There are no clear-cut
answers" as to who should be responsible for domestic infrastructure
protection. "It's a cooperative effort that requires a partnership between
the private sector and DOD."
John Pike, a defense and intelligence analyst with the Federation of
American Scientists, speculated that the new organization will be the DOD
equivalent of the new Critical Infrastructure Assurance Office, which
spearheads multiple-agency efforts to develop better policies, processes,
procedures and systems to detect and deter attacks, or the National
Infrastructure Protection Center, which tracks and analyzes electronic
attacks.
However, although DOD "has a lot of infrastructure that needs protecting,"
it is not clear exactly what the department will be doing, Pike
said.Martin Libicki, a senior fellow at the National Defense University
who specializes in information warfare, said he is not sure what the
department will be doing either.
"[DOD] may be [planning to conduct] indications and warning [procedures],
but I can't believe we have an I&W methodology in place yet," he said.
"Weaknesses [in the network infrastructure] cannot be easily fixed by the
federal government." Hamre told conference attendees that DOD is
considering several other IT initiatives to improve domestic defense.
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: New Dimensions International [www.newdimensions.net]
Received on Tue Jul 21 17:14:06 1998