As the Senate pushes for legislation to improve information-sharing on threats and attacks and President Barack Obama prepares to issue an executive order on cybersecurity, the Department of Defense is looking for a massive increase in the number of trained cybersecurity personnel helping to defend the country’s private and public networks.
The number of security people working on these assignments right now is difficult to home in on, as many of them are employed by agencies that don’t discuss much about their operations publicly. Also, some of the security people are dual-tasked and don’t focus on just one assignment. However, officials from the Department of Defense–along with federal legislators–have been pushing for more funding to hire more trained security professionals.
Now, that push seems to be paying dividends. The Pentagon is planning to increase the number of security professionals from fewer than 1,000 to about 5,000 in the next few years, according to The Washington Post. Those personnel will comprise both military and civilian security professionals, and they will be tasked with defending the country’s critical infrastructure as well as government and military networks.
The news comes just a few days after Janet Napolitano, secretary of the Department of Homeland Security, warned that a nation-level incident of the scale of 9/11 could occur sometime soon as a result of a cyber attack. Napolitano is not the first to warn about the possibility of such an attack, but is rather the latest in a long line of government officials, presidential advisers and security experts to raise that specter. Security researchers also have warned in recent years about serious vulnerabilities in the SCADA and ICS systems that run much of the network infrastructure in utilities, financial systems and other critical areas.
Recently, Aaron Portnoy, one of the founders of Exodus Intelligence, found more than 20 vulnerabilities in SCADA systems with just a morning’s worth of work. And in October, DHS officials warned the operators of SCADA systems about an increase in the level of malicious activity targeting those systems.
“Asset owners should not assume that their control systems are secure or that they are not operating with an Internet accessible configuration. Instead, asset owners should thoroughly audit their networks for Internet facing devices, weak authentication methods, and component vulnerabilities,” the alert said.
The new plan from the Pentagon contemplates the creation of several separate groups of cybersecurity personnel, each with a different set of responsibilities. One group will be tasked with defending the networks used by critical infrastructure entities such as utilities. Another team will be responsible for defensive and offensive military operations in cyberspace, and the third group will work on fortifying the DoD’s networks, the Post says.
All of the groups will report up to the U.S. Cyber Command, a relatively new arm of the military that is headed by Gen. Keith Alexander, the director of the National Security Agency. One of the major challenges this plan will face is the shortage of skilled security personnel. Private enterprises have been running up against this problem for several years now, and they have the advantage of being able to pay more than government agencies can.