Risk
3/12/2013
02:27 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Budget Fight Threatens U.S. Cyber Command's Growth

Cyber Command commander Gen. Keith Alexander says sequestration will lead to furloughs; wider budget conflict will delay efforts to strengthen Cyber Command.

Military Drones Present And Future: Visual Tour
Military Drones Present And Future: Visual Tour
(click image for larger view and for slideshow)
The military unit charged with defending the United States in cyberspace will have to furlough a third of its workforce as a result of across-the-board budget cuts forced by sequestration, and is seeing its development held back by Congressional failure to pass a budget, Cyber Command commander Gen. Keith Alexander said Tuesday.

Testifying before the Senate Armed Services Committee, Alexander said that because a third of Cyber Command's workforce is civilian, the organization could be hard hit by one-day-a-week civilian furloughs that military officials have said will begin in late April. Military personnel are exempt from the cuts.

"By singling out the civilian workforce for furloughs, we've done a great injustice," Alexander said. "We're trying to get people to leave industry to come work for us, but now that they're furloughed, they're asking if they made the right decision. That's a big impact across our workforce."

[ The Department of Defense faces big challenges in keeping the nation safe from cyber attack. Read U.S. Cybersecurity Status Weak, Reports Charge. ]

Sequestration isn't the only source of the pinch on Cyber Command. Congressional failure to pass a fiscal 2013 budget means that Cyber Command must operate under a continuing resolution that holds the organization to its fiscal 2012 budget. That holds up a quarter of Cyber Command's proposed budget, which, Alexander said, will hinder Cyber Command's continued development and negatively affect the organization's ability to do the technical training necessary to defend in cyberspace.

In particular, Alexander said that failure to pass the fiscal 2013 budget could delay the creation of a number of "cyber mission teams" of offensive and defensive cyber specialists that Alexander analogized to Army battalions and Navy squadrons, capable of acting on their own.

The budget woes come with Cyber Command a relatively new unit dependent on new funding to improve its capabilities, having just reached full operating capacity in late 2010. Cyber Command has plans to continue to develop its capabilities and to add thousands of new workers to its payroll.

The woes also come with cybersecurity an ever-increasing government priority. In separate remarks before the Senate Intelligence Committee, director of national intelligence James Clapper listed cyber attacks first in his annual threat assessment to Congress, a change of pace from the previous decade in which terrorism was regularly listed first.

Alexander said that Secretary of Defense Chuck Hagel is considering elevating Cyber Command to be a Unified Combatant Command, a move that would solidify cybersecurity as a priority of the highest order for the military. Cyber Command is currently part of U.S. Strategic Command, which holds responsibility for a mix of functional missions ranging from military space operations to missile defense.

Alexander said in his remarks that state-sponsored cyber hackers are exploiting critical infrastructure networks "on a scale amounting to the greatest unwilling transfer of wealth in history." In a speech Monday, President Obama's national security advisor, Tom Donilon, called cyber espionage coming from China "unprecedented" and said that "the international community cannot tolerate such activity from any country." China has since said that it is open to "dialogue" with the United States on cybersecurity.

The Enterprise Connect conference program covers the full range of platforms, services and applications that comprise modern communications and collaboration systems. Hear case studies from senior enterprise executives, as well as from the leaders of major industry players like Cisco, Microsoft, Avaya, Google and more. Register for Enterprise Connect 2013 today with code IWKPREM to save $200 off a conference pass or get a free Expo Pass. It happens March 18-21 in Orlando, Fla.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
John Foley
50%
50%
John Foley,
User Rank: Apprentice
3/13/2013 | 3:03:45 PM
re: Budget Fight Threatens U.S. Cyber Command's Growth
You kind of get the feeling that it will take a serious, high-impact cybersecurity failure within federal government and, to the point of this article, DOD before the widening gap between problem and solution is addressed. All signs indicate that cyber threats and events continue to rise, while funding is moving in the opposite direction. The feds have gotten pretty good at "doing more with less," but it's unclear how well that approach works when it comes to cybersecurity. Looks like we'll find out in the months ahead.
J. Nicholas Hoover
50%
50%
J. Nicholas Hoover,
User Rank: Apprentice
3/13/2013 | 3:06:31 PM
re: Budget Fight Threatens U.S. Cyber Command's Growth
To your point, John, there were a few things I left out of my article. Alexander, in listing reasons why comprehensive cybersecurity legislation should be passed soon, explicitly expressed a concern that it will take a major cyber attack against American critical infrastructure before Congress acts, and that then, Congress will overreact and pass bad legislation.
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
3/16/2013 | 4:48:15 AM
re: Budget Fight Threatens U.S. Cyber Command's Growth
There's something that comes to mind here from my days in consulting - you can upgrade on your time or you can upgrade in the middle of the house burning down around you. Given the choice, which is going to make more sense?

From a strategic point of view, if I were to be running an organization attacking US cyber targets, I wouldn't be waging a high-intensity attack when the furloughs begin - low-intensity that takes a lot of effort to uncover would pay off more in the long run, especially if you happen to know that all of these assets are being furloughed on Fridays.

It makes perfect sense, to me, to rattle sabres at China and then start dismantling the workforce protecting the country. Ridiculous...

Andrew Hornback
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0485
Published: 2014-09-02
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.

CVE-2014-3861
Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody element.

CVE-2014-3862
Published: 2014-09-02
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.

CVE-2014-5076
Published: 2014-09-02
The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated by the drozer framework.

CVE-2014-5136
Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.