US Defence builds huge vulnerability checker

US Army - Wikimedia CommonsThe US Defence Department is building an electronic system to provide an overview of the vulnerabilities of the military’s computer networks, weapons systems, and installations

The deputy commander of US Cyber Command Air Force Lieutenant General Kevin McLaughlin said a framework should be out within months, with a goal of turning the system into an automated “scorecard” in coming years.

The effort grew out of a critical report about cyber threats released earlier this year by the Pentagon’s chief weapons tester.

Michael Gilmore, the Pentagon’s director of testing and evaluation, warned that nearly every major US weapons system was vulnerable to cyber-attacks.

What will be slow is that initial data entry would be done by hand, but the goal is to create a fully automated system that would help defence officials instantaneously detect and respond to cyber-attacks.

McLaughlin said nearly half of 133 planned cyber response teams had been established with about 6,200 people, and all of them would achieve an initial operational capability by the end of 2016.

The new scorecard would look at the greatest threats, including weapons systems fielded years ago before the cyber threat was fully understood.

“There’s probably not enough money in the world to fix all those things, but the question is what’s most important, where should we put our resources as we eat the elephant one bite at a time,” he said.

McLaughlin said the scorecard was initially intended to look at weapons and networks, but the Pentagon was now looking at a broader and more sophisticated approach that also accounted for how data was moved among agencies within the military.