Risk
3/12/2013
02:27 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Budget Fight Threatens U.S. Cyber Command's Growth

Cyber Command commander Gen. Keith Alexander says sequestration will lead to furloughs; wider budget conflict will delay efforts to strengthen Cyber Command.

Military Drones Present And Future: Visual Tour
Military Drones Present And Future: Visual Tour
(click image for larger view and for slideshow)
The military unit charged with defending the United States in cyberspace will have to furlough a third of its workforce as a result of across-the-board budget cuts forced by sequestration, and is seeing its development held back by Congressional failure to pass a budget, Cyber Command commander Gen. Keith Alexander said Tuesday.

Testifying before the Senate Armed Services Committee, Alexander said that because a third of Cyber Command's workforce is civilian, the organization could be hard hit by one-day-a-week civilian furloughs that military officials have said will begin in late April. Military personnel are exempt from the cuts.

"By singling out the civilian workforce for furloughs, we've done a great injustice," Alexander said. "We're trying to get people to leave industry to come work for us, but now that they're furloughed, they're asking if they made the right decision. That's a big impact across our workforce."

[ The Department of Defense faces big challenges in keeping the nation safe from cyber attack. Read U.S. Cybersecurity Status Weak, Reports Charge. ]

Sequestration isn't the only source of the pinch on Cyber Command. Congressional failure to pass a fiscal 2013 budget means that Cyber Command must operate under a continuing resolution that holds the organization to its fiscal 2012 budget. That holds up a quarter of Cyber Command's proposed budget, which, Alexander said, will hinder Cyber Command's continued development and negatively affect the organization's ability to do the technical training necessary to defend in cyberspace.

In particular, Alexander said that failure to pass the fiscal 2013 budget could delay the creation of a number of "cyber mission teams" of offensive and defensive cyber specialists that Alexander analogized to Army battalions and Navy squadrons, capable of acting on their own.

The budget woes come with Cyber Command a relatively new unit dependent on new funding to improve its capabilities, having just reached full operating capacity in late 2010. Cyber Command has plans to continue to develop its capabilities and to add thousands of new workers to its payroll.

The woes also come with cybersecurity an ever-increasing government priority. In separate remarks before the Senate Intelligence Committee, director of national intelligence James Clapper listed cyber attacks first in his annual threat assessment to Congress, a change of pace from the previous decade in which terrorism was regularly listed first.

Alexander said that Secretary of Defense Chuck Hagel is considering elevating Cyber Command to be a Unified Combatant Command, a move that would solidify cybersecurity as a priority of the highest order for the military. Cyber Command is currently part of U.S. Strategic Command, which holds responsibility for a mix of functional missions ranging from military space operations to missile defense.

Alexander said in his remarks that state-sponsored cyber hackers are exploiting critical infrastructure networks "on a scale amounting to the greatest unwilling transfer of wealth in history." In a speech Monday, President Obama's national security advisor, Tom Donilon, called cyber espionage coming from China "unprecedented" and said that "the international community cannot tolerate such activity from any country." China has since said that it is open to "dialogue" with the United States on cybersecurity.

The Enterprise Connect conference program covers the full range of platforms, services and applications that comprise modern communications and collaboration systems. Hear case studies from senior enterprise executives, as well as from the leaders of major industry players like Cisco, Microsoft, Avaya, Google and more. Register for Enterprise Connect 2013 today with code IWKPREM to save $200 off a conference pass or get a free Expo Pass. It happens March 18-21 in Orlando, Fla.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
3/16/2013 | 4:48:15 AM
re: Budget Fight Threatens U.S. Cyber Command's Growth
There's something that comes to mind here from my days in consulting - you can upgrade on your time or you can upgrade in the middle of the house burning down around you. Given the choice, which is going to make more sense?

From a strategic point of view, if I were to be running an organization attacking US cyber targets, I wouldn't be waging a high-intensity attack when the furloughs begin - low-intensity that takes a lot of effort to uncover would pay off more in the long run, especially if you happen to know that all of these assets are being furloughed on Fridays.

It makes perfect sense, to me, to rattle sabres at China and then start dismantling the workforce protecting the country. Ridiculous...

Andrew Hornback
InformationWeek Contributor
J. Nicholas Hoover
50%
50%
J. Nicholas Hoover,
User Rank: Apprentice
3/13/2013 | 3:06:31 PM
re: Budget Fight Threatens U.S. Cyber Command's Growth
To your point, John, there were a few things I left out of my article. Alexander, in listing reasons why comprehensive cybersecurity legislation should be passed soon, explicitly expressed a concern that it will take a major cyber attack against American critical infrastructure before Congress acts, and that then, Congress will overreact and pass bad legislation.
John Foley
50%
50%
John Foley,
User Rank: Apprentice
3/13/2013 | 3:03:45 PM
re: Budget Fight Threatens U.S. Cyber Command's Growth
You kind of get the feeling that it will take a serious, high-impact cybersecurity failure within federal government and, to the point of this article, DOD before the widening gap between problem and solution is addressed. All signs indicate that cyber threats and events continue to rise, while funding is moving in the opposite direction. The feds have gotten pretty good at "doing more with less," but it's unclear how well that approach works when it comes to cybersecurity. Looks like we'll find out in the months ahead.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2003-1598
Published: 2014-10-01
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.

CVE-2011-4624
Published: 2014-10-01
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.

CVE-2012-0811
Published: 2014-10-01
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files gene...

CVE-2014-2640
Published: 2014-10-01
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2014-2641
Published: 2014-10-01
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Chris Hadnagy, who hosts the annual Social Engineering Capture the Flag Contest at DEF CON, will discuss the latest trends attackers are using.