The Pentagon was one of the first government departments to embrace the practice of connecting sensitive networks, power weapons and expensive equipment by using the Internet. While the practice was a sign of forward thinking at the time, the Pentagon is now experiencing troubles that were not anticipated in those early years.
The connectivity between all of these networks and equipment has an enormous number of benefits, but it also comes with risks. The Defense Department is exposed to many vulnerabilities as a result of being online.
Admiral Michael Rogers, commander of Cyber Command, told the Senate Armed Services Committee that, “We are trying to overcome decades of a thought process . . . where we assumed that the development of our weapon systems that external interfaces, if you will, with the outside world were not something to be overly concerned with. They represented opportunity for us to remotely monitor activity, to generate data as to how aircraft, for example, or ships’ hulls were doing in different sea states around the world. [These are] all positives if you’re trying to develop the next generation of cruiser [or] destroyer for the Navy.”
Rogers also pointed out that along with those opportunities come risks. The reality is that adversaries are developing systems and strategies based on stealing Pentagon data. This is illustrated by the fact that China has stolen some of this information and subsequently created the J-31 fighter, which many experts describe as a cheap version of the United States F-35.
Rogers told the committee that, “That’s where we find ourselves now. So one of the things I try to remind people is: it took us decades to get here. We are not going to fix this set of problems in a few years. We have to prioritize it, figure out where is the greatest vulnerability.”
Also present at the committee hearing was Deputy Defense Secretary Robert Work. He told committee members that the Pentagon’s chief weapons buyer, Frank Kendall, was evaluating virtually every weapon in the United States arsenal to understand the “hackability” of each one. Work promised that he expected the job to be completed in the very near future.
Work also acknowledged that the current list of vulnerabilities faced by the Pentagon is “a big, big problem,” and added that, “Most of the weapons systems that we have today were not built to withstand a concerted cyber threat.”
Work provided a list of things that the Pentagon was trying to accomplish in order to reduce risks and vulnerabilities. When referring to transitioning to smaller computing networks as opposed to larger networks, he stated that, “We’re going from 15,000 enclaves to less than 500. We’re going from 1,000 defendable firewalls to less than 200, somewhere between 50 and 200.”