General Martin Dempsey, Chairman of the Joint Chiefs of Staff, made clear yesterday in a speech to the Brookings Institution that the military, government, and private sector each has a role to play in hardening the U.S. against cyberattacks.
General Dempsey also called out the maintainers of privately owned critical infrastructure systems for their indisposition toward information sharing and urged them to do a better job of letting the government know about the threats they face.
“One of the most important ways we can strengthen cyber security across the private sector is by sharing threat information,” he said. “Right now, threat information primarily runs in one direction—from the government to operators of critical infrastructure. Very little information flows back to the government. This must change. We can’t stop an attack we can’t see.”
Sharing information with the government is something of a touchy subject given recent revelations regarding the National Security Agency’s all-encompassing PRISM surveillance program. The General made a point to differentiate intelligence gathering from threat-information sharing, explaining that the former is designed to collect intelligence in order to foil terrorist attacks while the latter has to do with sharing data about malware, and is a necessary course of action to protect the integrity of the nation’s critical infrastructure.
“We cannot allow these separate debates to become conflated. The reality is that every day adversaries are injecting malware into our networks. The worst of this malware is equivalent to cyber bullets and bombs. We must share what it looks like so we can stop it before it detonates.”
General Dempsey told the Brookings Institution that information sharing was just one defense against attacks and that quelling the cyber-problem altogether would require a dynamic defense, including legislation aimed at improving network security standards, and initiating diplomatic efforts to establish precedents of responsible behavior in this emerging arena.
The Chairman of the Joint Chiefs didn’t merely point fingers, but looked within as well. He admitted that the Department of Defense operates on a head-spinning, bureaucratic entanglement of some 15,000 networks. He went on to claim that the Pentagon is consolidating “this sprawling mass of IT” into a common set of cloud-based enterprise services. General Dempsey also announced that the military is in the process of developing a secure 4G wireless network that will rope iPads, iPhones, and Android devices into the DoD network infrastructure by mid-2014.
He then showed the crowd his secure mobile phone prototype and proclaimed: “This phone would make both Batman and James Bond jealous.”