by Yochi J. Dreazen
The U.S. government is struggling to keep pace with the growing number of
attacks on its computer networks, potentially leaving key military and civilian
systems vulnerable to overseas hackers, senior U.S. officials said Tuesday.
At several hearings on Capitol Hill, officials from each branch of the armed
forces said the nation's cyber defenses were being challenged like never before
by sophisticated, well-organized efforts to disrupt important systems and steal
"Threats in cyberspace move at the speed of light, and we are literally under
attack every day as our networks are constantly probed and our adversaries
seek to exploit vulnerabilities," Lt. Gen. William Shelton, the Air force's chief
information officer, told a House Armed Services Committee panel.
The Pentagon's top information security official, Robert Lentz, said the
Defense Department detected 360 million attempts to penetrate its networks
last year, up from six million in 2006.
Then Pentagon recently disclosed that it had spend $100 million in the past six
months repairing damage from cyber attacks.
The officials declined to specify the source of the attacks, but top military
and civilian officials believe that most of the hacking attempts originate in Rus-
sia and China, which have been pouring resources into cyber espionage in recent
Then hearings come amid growing evidence that sophisticated overseas
hackers are regularly penetrating important U.S. networks. The Wall Street
Journal has reported that overseas hackers breached both the nation's elec-
tricity grid and the Pentagon's biggest weapons program, the $300 billion Joint
Still, officials warned Tuesday that federal systems remain vulnerable to at-
tack. Gregory Wilshusen, director of information security for the Government
Accountability Office, said most "federal system are not sufficiently protected to
consistently thwart cyber threats."
Lax cyber security at the Los Alamos National Lab, for example, put unclas-
sified nuclear data to risk of theft or compromise. The GAO found that, in
2008, 23 of 24 major agencies surveyed didn't have adequate computer security
protections in place.
Lawmakers at a House Energy and Commerce Committee hearing com-
pared the government's inability to protect networks and acquisitions pro-
grams to the lapses that led to the fall of Rome.
That theme continued in the House Armed Services Committee. "The Joint
Strike Fighter program highlights a vulnerability that currently exists," said
Rep. Jeff Miller, R.-Fla.Robert Carey, the Navy's chief information officer, said
defense contractors needed to do more to protect their systems from overseas
hackers. He said the attempts to steal information were "advanced, persistent,
sophisticated, always changing and well-resourced."
Gen. Alexander called for a "partnership" between the government and the
private sector. He acknowledged potential obstacles, including the difficulty of
giving private companies access to classified intelligence on specific cyber at-
tacks and possible corporate reluctance to spend the money necessary to better
protect its networks.
Many civil-liberties groups and companies are wary about giving the
government broad access to commercial systems and networks. Pending legisla-
tion would establish federal standards for key elements of private industry.
Gen. Alexander said the government was training a new generation of com-
puter network experts. In April, Defense Secretary Robert Gates said the Penta-
gon aims to quadruple the number of such staffers over time.
Still, Gen. Alexander cautioned that the current cybersecurity training efforts
for military personnel, civilian officials and contractors were "inadequate" and
"must be improved."
literal 如實的,不誇張的; 字母的
panel 壁板;鏡板, 專門小組
adequate 足夠的, 尚可的
- May 11 Mon 2009 15:11
by Yochi J. Dreazen