Adam Stone

For USA Today

With hackers probing the vulnerabilities of military networks at an astounding rate, the Pentagon is stepping up its war on cyber threats.

“Every conflict in the world today has a cyber dimension,” said Navy Adm. Michael S. Rogers, commander of U.S. Cyber Command, in testimony before a congressional subcommittee last year, adding that hackers probe military networks’ vulnerabilities “thousands of times every year.”

In a document in April on its cyber strategy, the Department of Defense described its military networks as a compelling target on the cyber landscape. The military network is “a patchwork of thousands of networks across the globe, and DOD lacks the visibility and organizational structure required to defend its diffuse networks effectively,” the DOD stated.

Finding cybersecurity solutions is challenging: Bad actors in cyberspace move fast, leaving government defenders playing a perpetual game of catch-up. But DOD agencies and others in government have joined forces, breaking down old silos in order to work in closer coordination.

The push for an effective unification of military cyber defenses began in 2009 with the launch of U.S. Cyber Command (Cybercom), a body tasked with coordinating all cyber efforts of the U.S. military. That command is nearly at full strength, Rogers told a House Armed Services Committee panel last March.

“We have a target of about 6,200 personnel in 133 teams, with the majority achieving at least initial operational capability by the end of fiscal year 2016,” said Rogers, who is also director of the National Security Agency (NSA). These teams, drawn from all the armed services, are known collectively as the “cyber mission force.”

In January 2015, DOD went a step further with the creation of a new Joint Force Headquarters (JFHQ), which will handle the operational work of cyber defense, freeing up Cyber Command leadership to focus on strategic thinking.

The organization will “mount an active defense of (military networks), securing their key cyber terrain and being prepared to neutralize any adversary who manages to bypass their perimeter defenses,” Rogers said.

The Pentagon is backing cyber defense in a big way, with a cybersecurity budget that has grown from $3.9 billion in 2013 to an estimated $5.5 billion in fiscal year 2016.

DOD released a new cyber strategy in April, citing goals that included building and maintaining the force and capability for cyberspace operations, and defending DOD, the U.S. and U.S. interests.

Cyber attacks can involve a variety of targets and goals, including theft of personal data, attacks on the nation’s infrastructure and manipulation of information. A direct hit to the military can even involve the theft of blueprints and other critical documents with sensitive information.

“Any time new weapons systems come online, those become points of emphasis,” said Todd Thibodeaux, CEO of the technology industry group CompTIA. “Why do the stealth fighters (that) the Chinese put in place look so much like the ones we are building?”

Documents leaked by former NSA contractor Edward Snowden suggest that plans for the Pentagon’s F-35 stealth fighter jet were, in fact, hacked by China, which was first reported in Germany’s Der Spiegel magazine in 2015.

Experts say close coordination is vital in the effort to defend an entity as sprawling and complex as the U.S. defense networks.

“The challenge is in trying to make a cohesive enterprise environment from what has grown up as independent, service-related, specific architectures with no overarching security profile,” said retired Rear Adm. Robert E. Day Jr., the former commander of Coast Guard Cyber Command and present head of cyber consulting firm Bob Day & Associates. “There are just so many pieces to it.”

Cybercom is developing the in-house tools it needs to respond swiftly to changing attack vectors, because bad actors often adapt their strategies faster than developers can generate responses.

To that end, Cybercom has brought on board its own software developers in order to work around the lengthy military acquisitions process and speed the pace of response, said Maj. Gen. Paul Nakasone, commander of U.S. Cyber Command’s Cyber National Mission Force, at a recent gathering of the Association of the United States Army.

Planners are also reaching outside government for solutions. In October, Cybercom issued a request for proposals on the government purchasing site FedBizOpps. gov. The five-year, $460 million solicitation seeks industry support to unify Cybercom resources, centralize cyberspace operations and support the armed services’ infrastructure to safeguard against cyber attacks.

In an effort intended to benefit national defense in a number of ways, including cybersecurity, the DOD is working to forge ties with cutting-edge tech players in Silicon Valley, Calif.

DOD recently opened the Defense Innovation Unit-Experimental facility at Moffett Field in California. With partners from across all military branches, the research facility’s team of active duty, civilian and key reserve personnel aims to build strong technology development ties to innovators in Silicon Valley and beyond.

As a bridge between the private sector and DOD, the innovation unit will scout for breakthrough and emerging technologies that could further the defense mission.

Program managers already are looking at novel technologies in underwater mapping, and taking note of companies that are putting into orbit small, highly capable, satellites, DOD has reported.

“DOD has not had a great deal of luck going to Silicon Valley in the past because defense acquisitions are very difficult to master,” said Martin Libicki, senior management scientist at the RAND Corp., a nonprofit research organization. “It’s a huge timesink to try to figure out how to conform to federal acquisition requirements.”

In an April speech at Stanford University in Palo Alto, Calif., Secretary of Defense Ashton B. Carter spoke of the need to work with the private sector.

“I’ve been pushing the Pentagon to think outside our five-sided box, and invest in innovation here in Silicon Valley and in tech communities across the country,” said Carter, who also met with tech industry leaders there, including Facebook executives. “Now we’re taking another step forward.”

Carter revealed a previously undisclosed Russian effort to hack a DOD network (repelled by department cyber defenders) and discussed the need for teamwork when it comes to cyber defense.

“To build our vital cyber force, we’re going to need to use new ways to attract talent through new private-sector exchange programs that let people from outside contribute to our mission and then return here to the valley,” he said.

Carter encouraged the private sector to become a “key player” in the cyber fight. When it comes to cybersecurity, “we’re going to have to work together on this one,” he said.

ON ALERT

U.S. Army Cyber Command, a service element of U.S. Cyber Command, announced in July that it had launched its Cyber Support to Corps and Below (CSCB) pilot program, which trains brigade combat teams to protect and defend themselves against cyber attacks and to operate in a degraded cyberspace environment.

— Matt Alderton