WASHINGTON (Reuters) - The U.S. Defense Department aims to tighten ties with its cybersecurity contractors in an effort to better protect sensitive computer networks against growing cyber threats.
The department’s use of top-level system integrators and entrepreneurs will continue to grow, along with the need for so-called “active” defenses that scan incoming code to shield network perimeters, Robert Butler, the Pentagon’s top official for cyber policy, said on Wednesday.
“And as we thread those together, what we want to do is a very very tight partnership with industry,” Butler, the deputy assistant secretary of defense for cyber policy, told reporters at a breakfast session.
One key goal, Butler said, was to cut the lag between development of new protective technology and its deployment.
He said the department also wants to promote supplier diversity, partly to guard its information technology supply chain against compromise.
The Pentagon’s biggest suppliers — including Lockheed Martin Corp, Boeing Co, Northrop Grumman Corp, BAE Systems Plc and Raytheon Co — all have big and growing cyber-related product and service lines for a market that has been estimated at $80 billion to $140 billion a year worldwide, depending on how broadly it is defined.
Butler declined to comment directly on newly expressed concerns by U.S. lawmakers about buying telecommunications hardware from companies such as Huawei Technologies Co, a China-based network equipment maker founded by a retired Chinese military officer.
“Supply chain is a big issue that we are tracking,” he said. Part of the approach involves screening to verify components and sub-components, he said. The department is also seeking to understand how manufacturing processes are taking place and to manage risks, Butler said.
A group of lawmakers including Senator Joseph Lieberman, chairman of the Senate Homeland Security Committee, asked the Federal Communications Commission on Tuesday to detail any security risks from network equipment made by Huawei and ZTE Corp, both based in Shenzhen, China.
The two “are aggressively seeking to supply sensitive equipment for U.S. telecommunications infrastructure and/or serve as operator and administrator of U.S. networks, and increase their role in the U.S. telecommunications sector through acquisition and merger,” Lieberman said in a letter also signed by Senators Jon Kyl and Susan Collins and Representative Sue Myrick.
A report commissioned by the congressionally chartered U.S.-China Economic and Security Review Commission said last year that Beijing, at odds with Washington over Taiwan arms sales among other things, appeared to be conducting “a long-term, sophisticated, computer network exploitation campaign” against the U.S. government and U.S. defense industries.
China has denied the charge, made in a survey carried out for the commission by Northrop Grumman, the Pentagon’s third-biggest supplier by sales.
Deputy Defense Secretary William Lynn, who is leading the overall effort to protect the military’s 15,000-plus computer networks, has said more than 100 foreign intelligence outfits are attempting to break in, and some “already have the capacity to disrupt” U.S. information infrastructure.
Butler cited what he called a growing threat from malicious software and “botnets,” or code that can drive automated tasks over the Internet without computers’ owners knowing.
Walling off power grids, the “defense industrial base” and other critical industries from the rest of the Internet is “one idea of a series of operating concepts that we are working through,” he said. “Over the course of the next several months, I think we’ll sort through a lot of this.”
U.S. Senator Sheldon Whitehouse, who led a task force on the cyber threat for the Senate Select Committee on Intelligence, said the private sector is an essential partner in federal efforts to boost cybersecurity, with as much as 90 percent of Internet infrastructure in private hands.
“But the government has unique capabilities against the highest-order threats, and Congress has important work to do to coordinate public and private defenses against cyber threats to our critical infrastructure,” the Rhode Island Democrat told Reuters.
Editing by Steve Orlofsky