Military acquisition rules hamper U.S. ability to counter cyber threats

COLORADO SPRINGS, Colo. Mon May 19, 2014 11:28pm EDT

U.S. Attorney General Eric Holder (2nd L) announces the indictments of five Chinese nationals on cyber espionage charges for allegedly stealing trade secrets from American companies, during a news conference at the Justice Department in Washington May 19, 2014. REUTERS/Keith Lane

U.S. Attorney General Eric Holder (2nd L) announces the indictments of five Chinese nationals on cyber espionage charges for allegedly stealing trade secrets from American companies, during a news conference at the Justice Department in Washington May 19, 2014.

Credit: Reuters/Keith Lane

Related Topics

COLORADO SPRINGS, Colo. (Reuters) - U.S. military experts on Monday said current acquisition rules hamper their ability to respond quickly to a growing number of cyber attacks against U.S. weapons and computer networks and new approaches are needed.

Kristina Harrington, director of the signals intelligence directorate at the National Reconnaissance Office (NRO), said acquisition programs typically take about two years to initiate and execute, but rapidly changing threats in the cyber domain require a different approach.

"The current acquisition process is not fast enough to keep up with the speed (of the threat)," Harrington said at a space and cyber conference hosted by the Space Foundation. "Two years after we started is too late in the cyber industry."

Harrington and other government and industry speakers underscored their concerns about growing and increasingly sophisticated attacks on U.S. computer networks and said the Pentagon was working hard to beef up cybersecurity.

Their comments came the same day that the U.S. government charged five Chinese military officers, accusing them of hacking into American nuclear, metal and solar companies to steal trade secrets, These are the first criminal hacking charges filed by Washington against specific foreign individuals.

Harrington told reporters after the panel that the NRO, which designs, builds and operates U.S. spy satellites for the U.S. military and intelligence communities, was looking at using umbrella contracts with a range of companies that would give it more flexibility to order specific work as threats arose.

She said the agency was historically focused on buying, fielding and operating the best satellites in the world, but the ground networks used to operate them needed more attention because they were increasingly complex and had become a growing target of cyber attacks.

She said she understood that lawmakers need to carefully oversee acquisition programs, but said rapid changes in the cyber world meant the government needed more flexibility to respond than the current acquisition system offered.

U.S. weapons programs are subject to many complex regulations and oversight processes aimed at addressing the cost

overruns, schedule delays and other issues that have plagued defense acquisition programs for decades.

Harrington and other officials argue that the cyber domain is fundamentally different and requires different rules than those applied to fighter jets, warships and missiles.

"We need to be looking at a different way of doing things," Harrington said during her panel discussion, adding that private industry was increasingly driving change in the cyber realm.

William Marion, chief technology officer for Air Force Space Command, said the Pentagon had undertaken a comprehensive review of cybersecurity issues across the department and was beginning to make changes, but current acquisition rules and oversight still slowed its ability to respond.

Executives at smaller companies say the Pentagon's bureaucracy also makes it difficult for them to bid for cybersecurity contracts, which tend to be dominated by big firms like Boeing Co, Lockheed Martin Corp and Raytheon Co.

(Reporting by Andrea Shalal; Editing by Matt Driskill)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (4)
nose2066 wrote:
So they want to speed up the acquisition of new software before all of the new bugs can be discovered and corrected?

The most fundamental control method is “segregation of duties”. That applies to individual pieces of computer equipment. That means that if a computer contains sensitive information, that computer is NOT used for surfing the net. It’s NOT rocket science.

May 19, 2014 12:36am EDT  --  Report as abuse
Government getting in its own way and tripping over it. Bureaucracy.

May 20, 2014 2:05am EDT  --  Report as abuse
CountryPride wrote:
Isn’t Holder too busy running guns to Mexican drugs cartels and getting our citizens killed by these same guns to be worried about this?

May 20, 2014 7:49am EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.