Risk
3/12/2013
02:27 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Budget Fight Threatens U.S. Cyber Command's Growth

Cyber Command commander Gen. Keith Alexander says sequestration will lead to furloughs; wider budget conflict will delay efforts to strengthen Cyber Command.

Military Drones Present And Future: Visual Tour
Military Drones Present And Future: Visual Tour
(click image for larger view and for slideshow)
The military unit charged with defending the United States in cyberspace will have to furlough a third of its workforce as a result of across-the-board budget cuts forced by sequestration, and is seeing its development held back by Congressional failure to pass a budget, Cyber Command commander Gen. Keith Alexander said Tuesday.

Testifying before the Senate Armed Services Committee, Alexander said that because a third of Cyber Command's workforce is civilian, the organization could be hard hit by one-day-a-week civilian furloughs that military officials have said will begin in late April. Military personnel are exempt from the cuts.

"By singling out the civilian workforce for furloughs, we've done a great injustice," Alexander said. "We're trying to get people to leave industry to come work for us, but now that they're furloughed, they're asking if they made the right decision. That's a big impact across our workforce."

[ The Department of Defense faces big challenges in keeping the nation safe from cyber attack. Read U.S. Cybersecurity Status Weak, Reports Charge. ]

Sequestration isn't the only source of the pinch on Cyber Command. Congressional failure to pass a fiscal 2013 budget means that Cyber Command must operate under a continuing resolution that holds the organization to its fiscal 2012 budget. That holds up a quarter of Cyber Command's proposed budget, which, Alexander said, will hinder Cyber Command's continued development and negatively affect the organization's ability to do the technical training necessary to defend in cyberspace.

In particular, Alexander said that failure to pass the fiscal 2013 budget could delay the creation of a number of "cyber mission teams" of offensive and defensive cyber specialists that Alexander analogized to Army battalions and Navy squadrons, capable of acting on their own.

The budget woes come with Cyber Command a relatively new unit dependent on new funding to improve its capabilities, having just reached full operating capacity in late 2010. Cyber Command has plans to continue to develop its capabilities and to add thousands of new workers to its payroll.

The woes also come with cybersecurity an ever-increasing government priority. In separate remarks before the Senate Intelligence Committee, director of national intelligence James Clapper listed cyber attacks first in his annual threat assessment to Congress, a change of pace from the previous decade in which terrorism was regularly listed first.

Alexander said that Secretary of Defense Chuck Hagel is considering elevating Cyber Command to be a Unified Combatant Command, a move that would solidify cybersecurity as a priority of the highest order for the military. Cyber Command is currently part of U.S. Strategic Command, which holds responsibility for a mix of functional missions ranging from military space operations to missile defense.

Alexander said in his remarks that state-sponsored cyber hackers are exploiting critical infrastructure networks "on a scale amounting to the greatest unwilling transfer of wealth in history." In a speech Monday, President Obama's national security advisor, Tom Donilon, called cyber espionage coming from China "unprecedented" and said that "the international community cannot tolerate such activity from any country." China has since said that it is open to "dialogue" with the United States on cybersecurity.

The Enterprise Connect conference program covers the full range of platforms, services and applications that comprise modern communications and collaboration systems. Hear case studies from senior enterprise executives, as well as from the leaders of major industry players like Cisco, Microsoft, Avaya, Google and more. Register for Enterprise Connect 2013 today with code IWKPREM to save $200 off a conference pass or get a free Expo Pass. It happens March 18-21 in Orlando, Fla.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
3/16/2013 | 4:48:15 AM
re: Budget Fight Threatens U.S. Cyber Command's Growth
There's something that comes to mind here from my days in consulting - you can upgrade on your time or you can upgrade in the middle of the house burning down around you. Given the choice, which is going to make more sense?

From a strategic point of view, if I were to be running an organization attacking US cyber targets, I wouldn't be waging a high-intensity attack when the furloughs begin - low-intensity that takes a lot of effort to uncover would pay off more in the long run, especially if you happen to know that all of these assets are being furloughed on Fridays.

It makes perfect sense, to me, to rattle sabres at China and then start dismantling the workforce protecting the country. Ridiculous...

Andrew Hornback
InformationWeek Contributor
J. Nicholas Hoover
50%
50%
J. Nicholas Hoover,
User Rank: Apprentice
3/13/2013 | 3:06:31 PM
re: Budget Fight Threatens U.S. Cyber Command's Growth
To your point, John, there were a few things I left out of my article. Alexander, in listing reasons why comprehensive cybersecurity legislation should be passed soon, explicitly expressed a concern that it will take a major cyber attack against American critical infrastructure before Congress acts, and that then, Congress will overreact and pass bad legislation.
John Foley
50%
50%
John Foley,
User Rank: Apprentice
3/13/2013 | 3:03:45 PM
re: Budget Fight Threatens U.S. Cyber Command's Growth
You kind of get the feeling that it will take a serious, high-impact cybersecurity failure within federal government and, to the point of this article, DOD before the widening gap between problem and solution is addressed. All signs indicate that cyber threats and events continue to rise, while funding is moving in the opposite direction. The feds have gotten pretty good at "doing more with less," but it's unclear how well that approach works when it comes to cybersecurity. Looks like we'll find out in the months ahead.
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5242
Published: 2014-10-21
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.

CVE-2012-5243
Published: 2014-10-21
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.

CVE-2012-5702
Published: 2014-10-21
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to i...

CVE-2013-7406
Published: 2014-10-21
SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2531
Published: 2014-10-21
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) R...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.