The Department of Defense is capability-limited, both offensively and defensively, in fighting cyber attacks, DARPA Acting Director Ken Gabriel said Tuesday during a Senate Armed Services subcommittee hearing on emerging threats and capabilities with other DOD cybersecurity leaders.
“Our approach to cybersecurity is dominated by a strategy that layers security onto a uniform architecture,” Gabriel said. “This approach … is not convergent with a growing and evolving threat. That’s the defensive picture.”
President Obama’s fiscal 2013 Pentagon budget request includes a $3.4 billion investment in cyber activities, of which $486 million is dedicated to science and technology investments, said Zachary Lemnios, assistant secretary of defense for research and engineering.
This investment is significant, he added, given the department’s complex set of cybersecurity responsibilities and challenges.
“We started in computer network defense years ago with the perimeter defense strategy — a firewall strategy. We then moved to an environment where we have on the commercial side embedded agents that look at network traffic,” he said.
Eventually, Lemnios said, “we’re moving to a point where no longer will we be looking for particular attacks, but we will be designing systems on the commercial side that morph automatically — actually change their features and operating roles to respond to threats before the threats present themselves.”
