Pentagon on manual mission to build nation-wide security database
Scorecard to list hackable ICBMs, office fridges
US Defence bureaucrats are bashing numbers into a database in a bid to develop what the agency hopes will become an automated security scorecard, assessing vulnerability exposure across the country's networks and weapons systems.
The scorecard is at present a manual effort to help identify vulnerabilities and propose the means to mitigate and patch.
It will be handled by some of a pool of 6,200 Defence staffers being established in 133 information security response teams across the agency that will hit operational capability by the end of next year.
Those teams have been rolling out since 2013 under what Defence has dubbed a "four-year sprint".
Some units are being put to work before being fully set-up to hasten the effort.
The scorecard is being led by Pentagon chief information officer Terry Halvorsen.
It was developed after agency testing chief Michael Gilmore issued a report this year noting that almost every major US weapons system contained vulns.
Air Force Lieutenant General James McLaughlin, deputy commander of US Cyber Command, told the Billington Cybersecurity Summit the information security threats the units will deal with are "dire". He said:
In some cases, we're employing these units before they're even at initial operating capability when they have recognisable units that can function because the need for them is so dire.
We're aggressively putting capability in the fight.
The scorecard will first focus on old networked weapons systems designed without information security in mind.
The Pentagon's Halvorsen told the conference that the US military was highly dependant on information technology and therefore the most vulnerable to network attacks.
Cheap attacks can wreak costly damages, he said.
"Right now, we are on the wrong side of that cyber-economic curve," Halvorsen added.
The officials spoke of the need to change culture in the agency such that it was focused more on information security. ®