The nation’s top military officer said the United States lacks a strategy for cybersecurity, and data integrity remains one of the biggest security concerns for the Defense Department.
Speaking today at a conference on disruptive military technologies, sponsored by the Atlantic Council, Joint Chiefs Chairman Gen. Martin Dempsey warned the nation remains unprepared for a major cyber-attack.
“We have sectors in our nation that are more ready than others, but we don’t have a coherent cyber-strategy as a nation,” Dempsey said. “And I understand why. There’s some big issues involved with achieving that kind of coherence, [including] issues related to privacy and cost, information sharing and all of the liabilities that come in the absence of legislation to incentivize information sharing.”
But while DOD has made significant progress enhancing its own cybersecurity posture, it’s not only the potential for adversaries to conduct denial of service attacks or destroy data that has Dempsey concerned.
“I worry equally about the corruption of data,” he said. “The corruption of data from a military perspective is actually more alarming than the denial of data, because denial of data you can work around. But corruption of data causes you to lose confidence in your systems.”
Dempsey said he keeps a PowerPoint slide on his desk to remind himself to think about cyber daily. The slide depicts the dashboard of a car. “And on the dashboard, you can see that the car is in park, but the speedometer is reading 120 mph. And that’s possible. It’s a fact. The corruption of the data in a car’s computer is possible and can be accessed through the network in which the car lives,” Dempsey said, referring to roadside assistance services like General Motors’ OnStar.
Data integrity is of particular concern to the military because of its dependence on accurate information for precision munitions, navigation and time. “All of our systems rely upon that,” Dempsey said.
“Much of what I think we’re grappling with today is can we trust the ones and zeros,” said Arati Prabhakar, director of the Defense Advanced Research Projects Agency. “It might be about computers and networking, it might be about embedded systems. If you can hack a speedometer, then you should assume that unless we have done something to avoid it that our embedded military systems, too, can be compromised.”
Prabhakar, who also spoke at the Atlantic Council conference, said researchers are still in the early stages of finding ways to improve trust in both data and the networks that carry it. But DARPA is investing heavily in “a new breed of cybersecurity technologies” that will focus on data integrity and trust, she said.
One potentially radical transformation DARPA is working on now is advanced technology that may be able to eliminate DOD’s reliance on the GPS of satellites for position, navigation and timing. DOD’s dependence on GPS creates a potential vulnerability when an adversary is able to jam, compromise or disrupt GPS signals.
“Some of these are using beautiful new advanced atomic physics, putting those new advanced scientific capabilities into small packages so that we can have the precision and accuracy for position information and timing information,” Prabhakar said.
DARPA launched its development program in microtechnology for precision, navigation and timing in January 2010. Since then, DARPA researchers at the University of Michigan have developed a prototype device that contains a highly-accurate master clock, three gyroscopes and three accelerometers into a single miniature system, smaller than the size of a penny.