In line with an agreement between the department secretaries last fall and a recently released White House proposal, the Defense Department is sharing cybersecurity information, capabilities and expertise with the Homeland Security Department, a Pentagon official said today.
Robert J. Butler, deputy assistant secretary of defense for cyber policy, was among four senior officials who testified before the Senate Committee on Homeland Security and Governmental Affairs today about the Obama administration’s legislative proposal to protect the nation’s computer networks.
Under the plan, Homeland Security would lead the effort to protect Americans, the nation’s critical infrastructure and the federal government’s computer networks. The Defense Department would retain protections over its “dot-mil” domain, but would work in close collaboration DHS and the departments of Justice and Commerce to better safeguard cyberspace.
“Just as our reliance on critical infrastructure has grown, so have the threats,” Butler told the committee, adding that the military is “critically dependent” on the civilian power generation grid, telecommunications, transportation and other sectors run on computer networks.
Cyber attacks have become so pervasive as to create “a real possibility of a large-scale attack on any of our nation’s critical infrastructure,” Butler said.
“The status quo [in cybersecurity] is no longer acceptable — not when there is so much at stake,” he said. “We can, and we will, do better.”
Committee members and government witnesses described cybersecurity as a Wild West of uncoordinated efforts struggling to stay ahead of rapidly growing and increasingly sophisticated threats to the nation’s security and economy. The administration’s proposal — requested by Congress members faced with dozens of pieces of cybersecurity legislative proposals — would give legal authority to the appropriate agencies to better coordinate cybersecurity.
Some 2 billion people worldwide use the Internet, and an estimated $1 trillion is lost annually to cyber crimes, committee members said. Congress and U.S. executive departments, they added, are the target of about 1.8 billion cyber attacks per month.
Protecting computer networks requires a “whole of government” approach, Butler said, and the Defense and Homeland Security departments already are doing that. Defense Secretary Robert M. Gates and Homeland Security Secretary Janet Napolitano laid the foundation for the collaboration in October with their agreement to share operational planning and technical development, he said.
Since then, Butler said, the collaboration has grown into joint coordination at U.S. Cyber Command and the National Security Agency at Fort Meade, Md., and the sharing of information, capabilities, and employees.
Philip Reitinger, undersecretary of homeland defense for national protection and programs, said Homeland Security, Defense Department and National Security Agency officials meet regularly and have weekly teleconferences to coordinate cybersecurity.
“We each bring unique things to the table,” he said. “DOD has unparalleled technical expertise and cyber expertise. In DHS, we’ve built up our own expertise, working broadly across agencies.”
Homeland Security will stay “operationally synched” with the Defense Department, and both departments and NSA will deploy cyber experts to work at each others’ sites, Reitinger said.
To ensure a steady supply of cyber experts in the future, Butler said, the Defense Department supports various high school and college competitions such as the CyberPatriot, which the Air Force Association began as an annual competition in 2009, as well as coaching and mentoring programs in cybersecurity.
“This is not only about today, it’s also about tomorrow,” he said. “Secretary Gates has made this a big priority.”