The United States is at risk of falling behind its enemies in the field of cybersecurity, military leaders said this week.
The comments come after an unclassified server of the Pentagon’s Joint Chiefs was penetrated this month by a state-affiliated hacker believed to be Russian or Chinese. That incident, Defense Secretary Ash Carter told Defense One, “is evidence that we’re not doing as good as we need to do in job one in cyber, which is defending our own networks.
“Our military is empowered by and also dependent upon networks for its effective operations. So, we have to be good, and I would say we have to be better at network defense than we are now,” Carter continued. He also said he was trying “to encourage interest in our nation and a back-and-forth of people” between the public and private sectors “so that our people have the benefit of getting to know the technology, the culture, and the business practices and so forth of the commercial sector, and we draw the commercial sector into the great mission of helping us protect the nation.”
Speaking at a conference in Augusta, Ga., on Tuesday, Army Cyber Command chief Lt. Gen. Edward Cardon struck a similar note. “As far as we have come over the past decade, I still think we are near the beginning of what is truly possible,” Cardon said. “However, the window to accomplishing our potential in a proactive manner is closing.”
“This is not a unique Army problem,” Cardon continued. “It is a joint problem and I would argue even a national security issue.”
Agencies like the Federal Bureau of Investigation, National Security Agency, Department of Homeland Security and Cyber Command have all had a difficult time competing with the private sector in trying to attract new cybersecurity recruits. Analysis published by The Hill this week summarizes some of the common difficulties agencies face in trying to recruit employees, which include lackluster pay (an average of $24,000-$33,000 less for cybersecurity workers in the federal government than for those in the private sector), hiring time (which can take months), and a workplace culture that often conflicts with the lifestyles of prospective applicants.
“I have to hire a great workforce to compete with those cyber criminals and some of those kids want to smoke weed on the way to the interview,” FBI Director James Comey said last year.
Cardon went on to list those who were seeking to outpace the U.S. in cybersecurity.
“Whether it is the Russians in the Ukraine, [the Islamic State] in the Middle East, North Koreans here in our own country or China in the South China Sea, our adversaries are merging information capabilities to achieve operational and even strategic effects,” he said. “The question is: Can we adapt? Do we have the will to intellectually converge?”
Carter said he tried to remain realistic in his analysis of the threat posed by America’s cyber foes. “I myself have tried to be very candid throughout about my own assessments of the counter-ISIL campaign,” he said. “I also expect candor on the part of everybody else. That’s the only way that we can know what we’re doing, how we’re doing, and win.”
“We, starting with the president, but all of us need the most candid information and the most accurate information in order to make the kind of decisions that will lead most rapidly to victory. I expect that of everyone in the department,” Carter continued.
Other U.S. officials have echoed a similar refrain with regard to enemies like the Islamic State. Attorney General Loretta Lynch said in July the prospect that “foreign enemies might develop [the] capacity” to penetrate American cyber defenses “is the thing that keeps me and many of my colleagues in law enforcement up at night.”
However, Western forces may have had at least one victory in the area of cybersecurity this week. The Wall Street Journal reported on Thursday that Junaid Hussain, also known as Abu Hussain al-Britani, a hacker affiliated with the Islamic State, was believed to have been killed in a drone strike in Syria on Tuesday.
