Continued from page 1

However, in both public and prepared statements to the Senate Armed Services subcommittee on emerging threats, Mr. Gabriel issued unusually blunt criticism of Pentagon cyberwarfare programs, both offensive and defensive.

As for cyberdefenses, Mr. Gabriel revealed that “attackers can penetrate our networks.”

“In just 3 days and at a cost of only $18,000, the Host-Based Security System was penetrated,” he said.

Also, password security remains a “weak link.” For example, in security tests, 53,000 passwords were given to simulated hackers and, within 48 hours, 38,000 passwords were cracked.

Also, the defense supply chain is “at risk,” Mr. Gabriel said.

“More than two-thirds of electronics in U.S. advanced fighter aircraft are fabricated in off-shore foundries,” he said.

Additionally, physical systems can be penetrated easily by hackers. In one case, a smartphone hundreds of miles away took control of a car’s drive system through a security hole in its wireless interface.

“The United States continues to spend on cybersecurity with limited increase in security,” Mr. Gabriel said. “The federal government expended billions of dollars in 2010, but the number of malicious cyberintrusions has increased.”

Mr. Gabriel said the Pentagon has used a layered approach to protecting networks from attack that is not well-suited to dealing with evolving cyberthreats.

“Malicious cyberattacks are not merely an existential threat to [Defense Department] bits and bytes. They are a real threat to physical systems, including military systems, and to U.S. warfighters,” he said. “The United States will not prevail against these threats simply by scaling our current approaches.”

Regarding offensive cyberwarfare operations, Mr. Gabriel said the Pentagon “must have the capability to conduct offensive operations in cyberspace to defend our nation, allies, and interests.”

The Pentagon needs a full range of cybertools for offensive attacks to secure national interests.

“Modern operations will demand the effective use of cyber, kinetic, and combined cyber and kinetic means,” Mr. Gabriel said. He said the shelf life for such weapons may be “days” as defenses are devised or offensive attacks thwarted.

Cyberwarfare tools also can be adapted from intelligence-gathering methods, Mr. Garbriel said.

“Rather, cyber [warfare] options are needed that can be executed at the speed, scale, and pace of our military kinetic options with comparable predicted outcomes,” he said.

Story Continues →