Pentagon remains vulnerable to cyber-attacks

A senior defense official has acknowledged that the US Department of Defense (DoD) is “capability-limited” within the cyber realm.

Indeed, DARPA Acting Director Kaigham “Ken” J. Gabriel told the Senate Armed Services subcommittee on emerging threats and capabilities that attackers are currently capable of infiltrating DoD networks – putting defense supply chain and physical systems at risk.

”Our approach to cybersecurity is dominated by a strategy that layers security onto a uniform architecture. This approach is not convergent with a growing and evolving threat. That’s the defensive picture,” Gabriel explained.

“[In terms of] cyber offense, modern warfare demands the effective use of cyber and kinetic means… [Meaning], the tasks required for military purposes are sufficiently different that we cannot simply scale intelligence-based cyber capabilities and adequately serve the needs of DoD.”

According to Gabriel, while DARPA-developed technologies are widely deployed in the military, intelligence and commercial realm, much remains to be done in terms of ensuring security in a world of evolving threats.

“From our vantage point, the greatest vulnerability in cyber offense for the DoD is the lack of capabilities with proportionality, speed and diversity of effects.”

Therefore, says Gabriel, the agency recently kicked off a program it dubbed 
”Cyber Fast Track,” which taps a pool of nontraditional experts and innovators, many of whom operate in the white-hat hacker community.

“Half of our so-called cyberpunks – the group of about a half a dozen or eight program managers at DARPA – don’t have PhDs. Their skills, their capabilities, their insights are coming from their practice in the community. And frankly, it will have a shelf life,” he acknowledged.

“Like all the program managers who work at DARPA, they’ll go through the three to five years, and they’ll move on, and others will come in with a newer, different perspective. I think that’s an interesting thing about cyber. It has such a fast refresh and short shelf life that we may have opportunities for a different model of how we retain that capability.”