By Lisa Ferdinando DoD News, Defense Media Activity
WASHINGTON, October 29, 2015 — The Defense Department needs
to change its cyber culture to protect its networks from the relentless threat
from hackers, the department's chief information officer said today.
"I get a question all the time: 'What keeps me awake?'
I think most people expect me to answer it's security or it's dollars. It's
neither of those things. It's culture," Terry Halvorsen told a reporters
breakfast here hosted by The Christian Science Monitor.
The Internet is an "important part of our business, an
important part of our culture, but you have to go there with the right rules
and right understandings," he said.
DoD has to establish a "culture of cyber
discipline," he said, because the attacks against the agency networks are
constant. "There’s not a time when I’m not being attacked somewhere in the
world," he said.
With hackers generally out of the public's view, he
explained, "I think it's easy for people to forget that there are bad
actors out there."
Understanding Cyber Economics
Good cyber defenses include a combination of tools, culture,
and training and education, Halvorsen said. "It's really also educating
leaders at every level what their responsibilities are and what they need to
know," he added.
The Defense Department needs to change its cyber economics
as well, Halvorsen said.
"It is much less expensive for someone to attack us
than it is for us to defend, and we got to turn that around,” he explained.
“Today, we are really on the wrong side of that piece."
Cyber is a relatively new warfare, he noted. As with any
domain, such as aviation or nuclear, it takes time to build and secure, he
said. A big difference in cyber, he told the reporters, is that it moves faster
than any other warfare area.
"That's a challenge," he said. "We're in the
midst of having to make some major culture changes."
DoD is working to automate as much of its cyber security as
it can, to get to where the defenses “self-learn” and take actions to stop or
quarantine an attack, he said.
An enterprise culture is also needed, the Pentagon’s CIO
said. "Cyber is forcing us to think different about that," he added.
"Unlike other areas, cyber truly is enterprise, because it's
connected."
Industry Partnership
For the first time, the Defense Department is putting
civilians in private information technology companies for six months, and private
IT company personnel are doing tours at DoD, Halvorsen said. During World War
II it was not uncommon, he said, for people to move back and forth between
private and government jobs, and to have industry partners working on
government projects.
The government could benefit greatly from a partnership with
private IT firms, he said. Smaller companies could partner up with larger firms
to help with scalability for government projects, the CIO noted.
A constant issue Halvorsen said he faces is that people will
present him with a computer technology that has been tested for 25,000 people.
"They get mad when I say, 'Well that's good. Now you have to test it for
about a million, so I can know that it will scale.'"
Posts
No comments:
Post a Comment