Risk
3/12/2013
02:27 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Budget Fight Threatens U.S. Cyber Command's Growth

Cyber Command commander Gen. Keith Alexander says sequestration will lead to furloughs; wider budget conflict will delay efforts to strengthen Cyber Command.

Military Drones Present And Future: Visual Tour
Military Drones Present And Future: Visual Tour
(click image for larger view and for slideshow)
The military unit charged with defending the United States in cyberspace will have to furlough a third of its workforce as a result of across-the-board budget cuts forced by sequestration, and is seeing its development held back by Congressional failure to pass a budget, Cyber Command commander Gen. Keith Alexander said Tuesday.

Testifying before the Senate Armed Services Committee, Alexander said that because a third of Cyber Command's workforce is civilian, the organization could be hard hit by one-day-a-week civilian furloughs that military officials have said will begin in late April. Military personnel are exempt from the cuts.

"By singling out the civilian workforce for furloughs, we've done a great injustice," Alexander said. "We're trying to get people to leave industry to come work for us, but now that they're furloughed, they're asking if they made the right decision. That's a big impact across our workforce."

[ The Department of Defense faces big challenges in keeping the nation safe from cyber attack. Read U.S. Cybersecurity Status Weak, Reports Charge. ]

Sequestration isn't the only source of the pinch on Cyber Command. Congressional failure to pass a fiscal 2013 budget means that Cyber Command must operate under a continuing resolution that holds the organization to its fiscal 2012 budget. That holds up a quarter of Cyber Command's proposed budget, which, Alexander said, will hinder Cyber Command's continued development and negatively affect the organization's ability to do the technical training necessary to defend in cyberspace.

In particular, Alexander said that failure to pass the fiscal 2013 budget could delay the creation of a number of "cyber mission teams" of offensive and defensive cyber specialists that Alexander analogized to Army battalions and Navy squadrons, capable of acting on their own.

The budget woes come with Cyber Command a relatively new unit dependent on new funding to improve its capabilities, having just reached full operating capacity in late 2010. Cyber Command has plans to continue to develop its capabilities and to add thousands of new workers to its payroll.

The woes also come with cybersecurity an ever-increasing government priority. In separate remarks before the Senate Intelligence Committee, director of national intelligence James Clapper listed cyber attacks first in his annual threat assessment to Congress, a change of pace from the previous decade in which terrorism was regularly listed first.

Alexander said that Secretary of Defense Chuck Hagel is considering elevating Cyber Command to be a Unified Combatant Command, a move that would solidify cybersecurity as a priority of the highest order for the military. Cyber Command is currently part of U.S. Strategic Command, which holds responsibility for a mix of functional missions ranging from military space operations to missile defense.

Alexander said in his remarks that state-sponsored cyber hackers are exploiting critical infrastructure networks "on a scale amounting to the greatest unwilling transfer of wealth in history." In a speech Monday, President Obama's national security advisor, Tom Donilon, called cyber espionage coming from China "unprecedented" and said that "the international community cannot tolerate such activity from any country." China has since said that it is open to "dialogue" with the United States on cybersecurity.

The Enterprise Connect conference program covers the full range of platforms, services and applications that comprise modern communications and collaboration systems. Hear case studies from senior enterprise executives, as well as from the leaders of major industry players like Cisco, Microsoft, Avaya, Google and more. Register for Enterprise Connect 2013 today with code IWKPREM to save $200 off a conference pass or get a free Expo Pass. It happens March 18-21 in Orlando, Fla.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
John Foley
50%
50%
John Foley,
User Rank: Apprentice
3/13/2013 | 3:03:45 PM
re: Budget Fight Threatens U.S. Cyber Command's Growth
You kind of get the feeling that it will take a serious, high-impact cybersecurity failure within federal government and, to the point of this article, DOD before the widening gap between problem and solution is addressed. All signs indicate that cyber threats and events continue to rise, while funding is moving in the opposite direction. The feds have gotten pretty good at "doing more with less," but it's unclear how well that approach works when it comes to cybersecurity. Looks like we'll find out in the months ahead.
J. Nicholas Hoover
50%
50%
J. Nicholas Hoover,
User Rank: Apprentice
3/13/2013 | 3:06:31 PM
re: Budget Fight Threatens U.S. Cyber Command's Growth
To your point, John, there were a few things I left out of my article. Alexander, in listing reasons why comprehensive cybersecurity legislation should be passed soon, explicitly expressed a concern that it will take a major cyber attack against American critical infrastructure before Congress acts, and that then, Congress will overreact and pass bad legislation.
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
3/16/2013 | 4:48:15 AM
re: Budget Fight Threatens U.S. Cyber Command's Growth
There's something that comes to mind here from my days in consulting - you can upgrade on your time or you can upgrade in the middle of the house burning down around you. Given the choice, which is going to make more sense?

From a strategic point of view, if I were to be running an organization attacking US cyber targets, I wouldn't be waging a high-intensity attack when the furloughs begin - low-intensity that takes a lot of effort to uncover would pay off more in the long run, especially if you happen to know that all of these assets are being furloughed on Fridays.

It makes perfect sense, to me, to rattle sabres at China and then start dismantling the workforce protecting the country. Ridiculous...

Andrew Hornback
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6090
Published: 2015-04-27
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix...

CVE-2014-6092
Published: 2015-04-27
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...

CVE-2015-0113
Published: 2015-04-27
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation...

CVE-2015-0174
Published: 2015-04-27
The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVE-2015-0175
Published: 2015-04-27
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.