Joint Chiefs hack illustrates insufficient cyber defense
Joint Chiefs of Staff Chairman Gen. Joseph Dunford said the hack "clearly highlighted for me...that whatever investments we've made in cyber defense to date have not gotten us to where we need to be."
Gen. Joseph Dunford said he would devote some time as Joint Chiefs chairman to enhancing the Pentagon's ability to deter adversaries in cyberspace.
The July hack of the Joint Chiefs of Staff's unclassified email network showed that the Defense Department's investments in cybersecurity have been insufficient, said Joint Chiefs Chairman Gen. Joseph Dunford.
The hack, which news reports have attributed to Russian spear phishers, "clearly highlighted for me...that whatever investments we've made in cyber defense to date have not gotten us to where we need to be, and that needs to be an area of continued investment as we move forward," Dunford said Dec. 14 at a Center for a New American Security/Defense One event in Washington.
"When you have that kind of a vulnerability...you really don't have the kind of resilience you need to provide the president with options in the event of a contingency to advance our interests," Dunford added.
After his appearance, the general declined to elaborate on what cybersecurity measures he has put into effect since the email breach. He assumed command Oct. 1, two months after the breach was reported.
The hack forced the Joint Chiefs' unclassified email system off-line for two weeks and drew scrutiny of the staff's security practices. The hackers took advantage of encrypted traffic that the Joint Chiefs were not decrypting and inspecting, a former intelligence official familiar with the network has told FCW. Moreover, the hackers could have been targeting the unclassified network in part because classified data occasionally spills onto it, the former official said.
The Pentagon's cybersecurity budget for fiscal 2015 was $4.97 billion, and it would rise to $5.5 billion under the fiscal 2016 budget request, according to documentation provided by the DOD CIO's office.
Dunford made cybersecurity a policy focus in his previous role as commandant of the Marine Corps; in January, he issued guidance to the Corps that highlighted cybersecurity as a critical domain in which to build capacity.
In his Dec. 14 remarks, Dunford said he would devote some time as Joint Chiefs chairman to enhancing the Pentagon's ability to deter adversaries in cyberspace.
"Clearly, we have challenges in cyber not only to protect ourselves, but also the development of offensive cyber capabilities," he said, adding that "cyber deterrence is an area we probably need to spend some time on."