By Calvin Biesecker
Deputy Defense Secretary William Lynn yesterday said the Pentagon is seeking to add about $500 million to its cyber security research activities and is also expanding its cooperation with private industry so that the Defense Department can better learn commercial information technology practices for cyber security.
The additional research funds are focused in areas such as cloud computing, virtualization and encrypted processing, Lynn said at the annual RSA Conference in San Francisco. Funding will also go for pilot projects that meet industry and government needs too, he said.
“Through our ‘Cyber Accelerator’ pilot, we are also providing seed capital for companies do develop dual-use technologies that serve our cyber security needs,” Lynn said.
It’s important that these technologies that are being developed make it into DoD computers and networks faster, Lynn said. Currently, it takes DoD 81 months to field a new computer system whereas as Apple‘s [AAPL] iPhone was developed in two years, he said.
“That is less time than it takes us to prepare a budget and receive congressional approval for it,” Lynn said. “This means I get permission to start a project at the same time Steve Jobs is talking on his new iPhone. It’s not a fair trade. We have to close this gap. Silicon Valley can help us.”
To help close that gap, Lynn said that DoD will expand its Information Technology Exchange Program for which a pilot project is just beginning. This program allows for the exchange of IT and cyber security professionals between industry and government.
“We want senior IT managers in the department to incorporate more commercial practices,” Lynn said. “And we want seasoned industry professionals to experience first-hand the unique challenges we face at DoD.”
Lynn also announced a program to make better use of cyber expertise in the National Guard and Reserve, which have troops and sailors that work in the civilian IT world, by increasing the “number of Guard and Reserve units that have a dedicated cyber mission.”
The call for more public-private cooperation combined with increased spending on cyber security comes as the nation faces increasingly more sophisticated and potentially dangerous cyber attacks.
“Our cyber strategy recognizes that we are in the midst of a strategic shift in the cyber threat,” Lynn said. “The threat is moving up a ladder of escalation, from exploitation to disruption to destruction.”
The most frequent attacks have been efforts to exploit networks, which is stealing information and data from government and commercial networks, Lynn said. Disruptive attacks have appeared more recently, such as denial of service attacks against Estonia and against eBay and Paypay, he said.
Destructive attacks, which would be the most dangerous, haven’t occurred but are emerging, Lynn said. Such attacks could cause economic or physical damage, he said.
Lynn called for a greater amount of cooperation between the public and private sectors to prepare and defend the nation against cyber attacks. More information sharing and cooperation between the two sectors is necessary, he said.