In a sobering assessment, the Defense Department’s Jim Miller said more than 100 foreign spy agencies were working to gain access to U.
S. computer systems, as were criminal organizations.
Terrorist groups also had cyber attack capabilities, it was claimed.
“Our systems are probed thousands of times a day and scanned millions of times a day,” said Miller, principal deputy under secretary of defense for policy.
He said the evolving cyber threat had “outpaced our ability to defend against it.”
“We are experiencing damaging penetrations – damaging in the sense of loss of information. And we don’t fully understand our vulnerabilities,” he said.
His comments came as the Obama administration develops a national strategy to secure U.S. digital networks and the Pentagon stands up a new military command for cyber warfare capable of both offensive and defensive operations.
The Senate last week confirmed National Security Agency Director Keith Alexander to lead the “Cyber Command,” and Miller suggested the organization had its work cut out for it.
Among its challenges are determining what within the spectrum of cyber attacks could constitute an act of war.
Miller said the U.S. government also needed to bolster ties with private industry, given potential vulnerabilities to critical U.S. infrastructure, like power grids and financial markets.
Bank loses US$10m in one hit
Hackers have already penetrated the U.S. electrical grid and have stolen intellectual property, corporate secrets and money, according to the FBI’s cybercrime unit. In one incident, a bank lost US$10 million in cash in a day.
“The scale of compromise, including the loss of sensitive and unclassified data, is staggering,” Miller said. “We’re talking about terabytes of data, equivalent to multiple libraries of Congress.”
The Library of Congress is the world’s largest library, archiving millions of books, photographs, maps and recordings.
U.S. officials have previously said many attempts to penetrate its networks appear to come from China.
Google cites China-based attacks
Google announced in January that it, along with more than 20 other companies, had suffered hacking attacks that were traced to China. Google cited those attacks and censorship concerns in its decision to move its Chinese-language search service from mainland China to Hong Kong.
Miller took an example from the Cold War playbook to explain how the United States military would need to prepare for fallout from a cyber attack, which could leave cities in the dark or disrupt communications.
In the 1980s, the Pentagon concluded that the military needed to prepare to operate in an environment contaminated by the use of weapons of mass destruction.
“We have similar situation in this case. We need to plan to operate in an environment in which our networks have been penetrated and there is some degradation,” he said.
One of the challenges Miller singled out was the development of enough U.S. computer programmers in the future.
“In the next 20 to 30 years, other countries including China and India will produce many more computer scientists than we will,” he said. “We need to figure out how to not only recognize these trends but take advantage of them.”