Risk

3/12/2013
02:27 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Budget Fight Threatens U.S. Cyber Command's Growth

Cyber Command commander Gen. Keith Alexander says sequestration will lead to furloughs; wider budget conflict will delay efforts to strengthen Cyber Command.

Military Drones Present And Future: Visual Tour
Military Drones Present And Future: Visual Tour
(click image for larger view and for slideshow)
The military unit charged with defending the United States in cyberspace will have to furlough a third of its workforce as a result of across-the-board budget cuts forced by sequestration, and is seeing its development held back by Congressional failure to pass a budget, Cyber Command commander Gen. Keith Alexander said Tuesday.

Testifying before the Senate Armed Services Committee, Alexander said that because a third of Cyber Command's workforce is civilian, the organization could be hard hit by one-day-a-week civilian furloughs that military officials have said will begin in late April. Military personnel are exempt from the cuts.

"By singling out the civilian workforce for furloughs, we've done a great injustice," Alexander said. "We're trying to get people to leave industry to come work for us, but now that they're furloughed, they're asking if they made the right decision. That's a big impact across our workforce."

[ The Department of Defense faces big challenges in keeping the nation safe from cyber attack. Read U.S. Cybersecurity Status Weak, Reports Charge. ]

Sequestration isn't the only source of the pinch on Cyber Command. Congressional failure to pass a fiscal 2013 budget means that Cyber Command must operate under a continuing resolution that holds the organization to its fiscal 2012 budget. That holds up a quarter of Cyber Command's proposed budget, which, Alexander said, will hinder Cyber Command's continued development and negatively affect the organization's ability to do the technical training necessary to defend in cyberspace.

In particular, Alexander said that failure to pass the fiscal 2013 budget could delay the creation of a number of "cyber mission teams" of offensive and defensive cyber specialists that Alexander analogized to Army battalions and Navy squadrons, capable of acting on their own.

The budget woes come with Cyber Command a relatively new unit dependent on new funding to improve its capabilities, having just reached full operating capacity in late 2010. Cyber Command has plans to continue to develop its capabilities and to add thousands of new workers to its payroll.

The woes also come with cybersecurity an ever-increasing government priority. In separate remarks before the Senate Intelligence Committee, director of national intelligence James Clapper listed cyber attacks first in his annual threat assessment to Congress, a change of pace from the previous decade in which terrorism was regularly listed first.

Alexander said that Secretary of Defense Chuck Hagel is considering elevating Cyber Command to be a Unified Combatant Command, a move that would solidify cybersecurity as a priority of the highest order for the military. Cyber Command is currently part of U.S. Strategic Command, which holds responsibility for a mix of functional missions ranging from military space operations to missile defense.

Alexander said in his remarks that state-sponsored cyber hackers are exploiting critical infrastructure networks "on a scale amounting to the greatest unwilling transfer of wealth in history." In a speech Monday, President Obama's national security advisor, Tom Donilon, called cyber espionage coming from China "unprecedented" and said that "the international community cannot tolerate such activity from any country." China has since said that it is open to "dialogue" with the United States on cybersecurity.

The Enterprise Connect conference program covers the full range of platforms, services and applications that comprise modern communications and collaboration systems. Hear case studies from senior enterprise executives, as well as from the leaders of major industry players like Cisco, Microsoft, Avaya, Google and more. Register for Enterprise Connect 2013 today with code IWKPREM to save $200 off a conference pass or get a free Expo Pass. It happens March 18-21 in Orlando, Fla.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
John Foley
50%
50%
John Foley,
User Rank: Apprentice
3/13/2013 | 3:03:45 PM
re: Budget Fight Threatens U.S. Cyber Command's Growth
You kind of get the feeling that it will take a serious, high-impact cybersecurity failure within federal government and, to the point of this article, DOD before the widening gap between problem and solution is addressed. All signs indicate that cyber threats and events continue to rise, while funding is moving in the opposite direction. The feds have gotten pretty good at "doing more with less," but it's unclear how well that approach works when it comes to cybersecurity. Looks like we'll find out in the months ahead.
J. Nicholas Hoover
50%
50%
J. Nicholas Hoover,
User Rank: Apprentice
3/13/2013 | 3:06:31 PM
re: Budget Fight Threatens U.S. Cyber Command's Growth
To your point, John, there were a few things I left out of my article. Alexander, in listing reasons why comprehensive cybersecurity legislation should be passed soon, explicitly expressed a concern that it will take a major cyber attack against American critical infrastructure before Congress acts, and that then, Congress will overreact and pass bad legislation.
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
3/16/2013 | 4:48:15 AM
re: Budget Fight Threatens U.S. Cyber Command's Growth
There's something that comes to mind here from my days in consulting - you can upgrade on your time or you can upgrade in the middle of the house burning down around you. Given the choice, which is going to make more sense?

From a strategic point of view, if I were to be running an organization attacking US cyber targets, I wouldn't be waging a high-intensity attack when the furloughs begin - low-intensity that takes a lot of effort to uncover would pay off more in the long run, especially if you happen to know that all of these assets are being furloughed on Fridays.

It makes perfect sense, to me, to rattle sabres at China and then start dismantling the workforce protecting the country. Ridiculous...

Andrew Hornback
InformationWeek Contributor
Printers: The Weak Link in Enterprise Security
Kelly Sheridan, Associate Editor, Dark Reading,  10/16/2017
20 Questions to Ask Yourself before Giving a Security Conference Talk
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA,  10/16/2017
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Bill Bradley, SVP, Cyber Engineering and Technical Services, CenturyLink,  10/17/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.