Pentagon Plans Massive Increase in Cybersecurity Teams

As the Senate pushes for legislation to improve information-sharing on threats and attacks and President Barack Obama prepares to issue an executive order on cybersecurity, the Department of Defense is looking for a massive increase in the number of trained cybersecurity personnel helping to defend the country’s private and public networks.

PentagonAs the Senate pushes for legislation to improve information-sharing on threats and attacks and President Barack Obama prepares to issue an executive order on cybersecurity, the Department of Defense is looking for a massive increase in the number of trained cybersecurity personnel helping to defend the country’s private and public networks.

The number of security people working on these assignments right now is difficult to home in on, as many of them are employed by agencies that don’t discuss much about their operations publicly. Also, some of the security people are dual-tasked and don’t focus on just one assignment. However, officials from the Department of Defense–along with federal legislators–have been pushing for more funding to hire more trained security professionals.

Now, that push seems to be paying dividends. The Pentagon is planning to increase the number of security professionals from fewer than 1,000 to about 5,000 in the next few years, according to The Washington Post. Those personnel will comprise both military and civilian security professionals, and they will be tasked with defending the country’s critical infrastructure as well as government and military networks.

The news comes just a few days after Janet Napolitano, secretary of the Department of Homeland Security, warned that a nation-level incident of the scale of 9/11 could occur sometime soon as a result of a cyber attack. Napolitano is not the first to warn about the possibility of such an attack, but is rather the latest in a long line of government officials, presidential advisers and security experts to raise that specter. Security researchers also have warned in recent years about serious vulnerabilities in the SCADA and ICS systems that run much of the network infrastructure in utilities, financial systems and other critical areas.

Recently, Aaron Portnoy, one of the founders of Exodus Intelligence, found more than 20 vulnerabilities in SCADA systems with just a morning’s worth of work. And in October, DHS officials warned the operators of SCADA systems about an increase in the level of malicious activity targeting those systems.

“Asset owners should not assume that their control systems are secure or that they are not operating with an Internet accessible configuration. Instead, asset owners should thoroughly audit their networks for Internet facing devices, weak authentication methods, and component vulnerabilities,” the alert said.

The new plan from the Pentagon contemplates the creation of several separate groups of cybersecurity personnel, each with a different set of responsibilities. One group will be tasked with defending the networks used by critical infrastructure entities such as utilities. Another team will be responsible for defensive and offensive military operations in cyberspace, and the third group will work on fortifying the DoD’s networks, the Post says.

All of the groups will report up to the U.S. Cyber Command, a relatively new arm of the military that is headed by Gen. Keith Alexander, the director of the National Security Agency. One of the major challenges this plan will face is the shortage of skilled security personnel. Private enterprises have been running up against this problem for several years now, and they have the advantage of being able to pay more than government agencies can.

Suggested articles

Discussion

  • Anonymous on

    If they are serious about Cyber ,and getting talent then maybe they should think about not using the LPTA contracts. All they get is low quality staff at rock bottom rates to keep chairs warm. CyberCom wants talent, then pay for it - make your contracts best value. Contractors are getting tired of govt contracts with overly complex responses, only to see the selection criteria based entirely on cost, no execution risk, no past performance requirements, no cost realism. Thats completely insane.  

     

    The government has no problem pushing out millions at year end to clear the books, but heaven forbid if they base a contract of such importance to best value. Cybercom just did this exact thing.

     

    Lets not start talking about how many of these contracts are clearly wired.  

     

    The companies with the strong players tend to move towards commercial leaving the govt with b players at best.  The government is not trying to solve a problem, they are trying to keep their budget lines and see some growth while rolling over the defense partners.

     

    Remember the defense industrial base is not paving streets, or cutting lawns. We are providing guys with advanced degrees in mathematics, comp sci, engineering that have lived through flame, duqu, stux, red october, and other much more heinous APT type of malware. Guys that code, understand networks, can develop algo's to do better detection of the hard to find. Guys that reverse in their sleep, and can span the CNO functional spectrums. Those guys doesn’t come at 40$ an hour and wont work 5 12 hour shifts.

     

    They are trying to keep and expand their budgets and take out of the hide of the Defense contractors behind.

     

    I rather work my commercial engagements.

     

     

     

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.