Pentagon wraps up new
acquisition rules to protect weapons from cyberattacks
Send a link to a friend
[March 23, 2015] By
Andrea Shalal
WASHINGTON (Reuters) - The U.S. Defense
Department is taking aggressive action to bolster the security of U.S.
weapons systems against cyberattacks, including issuing new rules for
acquisitions that will be finalized in coming months, officials told
Reuters.
|
In addition to the acquisition policy, the department is producing a
guidebook to help program managers assess the cost and risk
tradeoffs in structuring new weapons programs and making them more
secure, said Assistant Secretary of Defense Katrina McFarland.
Both documents should be completed in the fourth quarter of this
fiscal year, which ends Sept. 30, McFarland told Reuters in an
interview this week. She said officials were reviewing the documents
to avoid inadvertently pointing would-be attackers to possible
vulnerabilities.
Chief U.S. arms buyer Frank Kendall said this month cyberattacks on
U.S. weapons and manufacturers are a "pervasive" problem that
requires greater attention.
In January, the department's chief weapons tester told Congress that
nearly every U.S. arms program showed "significant vulnerabilities"
to cyberattacks, including misconfigured, unpatched and outdated
software.
Increased focus on cybersecurity could create opportunities for
Lockheed Martin Corp, General Dynamics Corp and other suppliers that
do cybersecurity work for the Pentagon.
"The threat is very, very serious," Terry Halvorsen, the Pentagon's
chief information officer, told Reuters. "We are taking very
aggressive action to counter those threats."
Halvorsen cited what he called constant, growing and increasingly
sophisticated threats from criminals, extremist groups and foreign
governments. He said cyber warfare offered attackers the possibility
of doing great harm for little cost.
He said the Pentagon was also evaluating the risk of so-called
insiders sabotaging weapons systems and had taken some "preemptive
actions" to guard against that.
McFarland said all major U.S. weapons programs had been reviewed for
cyber vulnerabilities. New programs like the Air Force long-range
bomber - to be awarded this summer - would benefit from getting the
best protections from the start.
[to top of second column] |
The new measures follow a change in federal defense acquisition
rules announced last November that require Pentagon contractors to
incorporate established security standards on the unclassified
networks that they use to communicate with suppliers, and to report
any cyberattacks that result in the loss of technical data from
those networks.
Those standards had already been in place for classified networks.
Halvorsen said some weapons systems and sectors were particularly
targeted by hackers, but gave no details.
He and McFarland declined to say if U.S. government networks or
those of private companies had suffered any attacks similar to the
attack that damaged some 30,000 computers at Saudi Arabia's national
oil company in 2012.
Admiral Mike Rogers, director of the National Security Agency and
head of U.S. Cyber Command, told lawmakers this week the United
States was at a tipping point and needed to step up its offensive
cyber capabilities.
McFarland said the guidebook would ensure that program managers and
acquisition officials did a better job sharing data about potential
threats to avoid falling prey to the same malicious software twice.
(Reporting by Andrea Shalal; Editing by Frances Kerry)
[© 2015 Thomson Reuters. All rights
reserved.] Copyright 2015 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
|