Pentagon seeks tight ties with cyber contractors
* Foresees greater use of top-level system integrators
* Aims to cut lag between system development, deployment
* Official declines to comment on buying IT gear from China
By Jim Wolf
WASHINGTON, Oct 20 (Reuters) - The U.S. Defense Department aims to tighten ties with its cybersecurity contractors to help thwart mounting threats to sensitive networks, the Pentagon's top official for cyber policy said Wednesday.
The department's use of top-level system integrators and entrepreneurs will continue to grow along with the need for so-called "active" defenses that scan incoming code to shield network perimeters, Robert Butler, deputy assistant secretary of defense for cyber policy, told reporters at a breakfast session.
"And as we thread those together, what we want to do is a very very tight partnership with industry," he said.
One key goal, Butler said, was to cut the lag between development of new protective technology and its deployment. He said the department also wants to promote supplier diversity, partly to guard its information technology supply chain against compromise.
The Pentagon's biggest suppliers -- including Lockheed Martin Corp (LMT.N), Boeing Co (BA.N), Northrop Grumman Corp (NOC.N), BAE Systems Plc (BAES.L) and Raytheon Co (RTN.N) -- each have big and growing cyber-related product and service lines for a market that has been estimated at $80 billion to $140 billion a year worldwide, depending on how broadly it is defined.
Butler declined to comment directly on newly expressed concerns by U.S. lawmakers about buying telecommunications hardware from companies such as Huawei Technologies Co, a Shenzhen, China-based network equipment maker founded by a retired Chinese military officer.
"Supply chain is a big issue that we are tracking," he said. Part of the approach involves screening to verify components and sub-components, he said. The department is also seeking to to understand how manufacturing processes are taking place and to manage risks, Butler said.
A group of lawmakers including Senator Joseph Lieberman, chairman of the Senate Homeland Security Committee, asked the Federal Communications Commission on Tuesday to detail any security risks from network equipment made by Huawei [HWT.UL] and ZTE Corp (0763.HK)000063.SZ, another Shenzhen-based supplier.
The two "are aggressively seeking to supply sensitive equipment for U.S. telecommunications infrastructure and/or serve as operator and administrator of U.S. networks, and increase their role in the U.S. telecommunications sector through acquisition and merger," Lieberman said in a letter also signed by Senators Jon Kyl and Susan Collins plus Representative Sue Myrick.
A report commissioned by the congressionally chartered U.S.-China Economic and Security Review Commission said last year that Beijing, at odds with Washington over Taiwan arms sales among other things, appeared to be conducting "a long-term, sophisticated, computer network exploitation campaign" against the U.S. government and U.S. defense industries.
China has denied the charge, made in a survey carried out for the commission by Northrop Grumman, the Pentagon's third-biggest supplier by sales.
Butler declined to forecast future Defense Department cyber security spending. The department's goal was to spell out a strategy for securing its use of cyber space by the end of this year, he said.
Deputy Defense Secretary William Lynn, who is leading the overall effort to protect the military's 15,000-plus computer networks, has said more than 100 foreign intelligence outfits are attempting to break in.
Some "already have the capacity to disrupt" U.S. information infrastructure, Lynn wrote in the September/October issue of the journal Foreign Affairs.
Butler cited what he called a growing threat from malicious software and "botnets," or code that can cause a computer to perform automated tasks over the Internet unbeknown to its owner.
Walling off power grids, the "defense industrial base" and other critical industries from the rest of the Internet is "one idea of a series of operating concepts that we are working through," he said. "Over the course of the next several months, I think we'll sort through a lot of this." (Editing by Steve Orlofsky)