The US Department of Defense spent more than US$100 million in the last six months responding to and repairing damage from cyber attacks and other computer network problems, military leaders said on Tuesday.
Air Force General Kevin Chilton, who heads US Strategic Command, said the military is only beginning to track the costs, which are triggered by constant daily attacks against military networks ranging from the Pentagon to bases around the country.
“The important thing is that we recognize that we are under assault from the least sophisticated — what I would say the bored teenager — all the way up to the sophisticated nation-state, with some pretty criminal elements sandwiched in-between,” said Chilton, adding that the motivations include everything from vandalism to espionage. “This is indeed our big challenge, as we think about how to defend it.”
Army Brigadier General John Davis, deputy commander for network operations, said the money was spent on manpower, computer technology and contractors hired to clean up after both external probes and internal mistakes. Strategic Command is responsible for protecting and monitoring the military’s information grid, as well as coordinating any offensive cyber warfare on behalf of the US.
Officials would not say how much of the US$100 million cost was due to outside attacks against the system, versus viruses and other problems triggered accidentally by Department of Defense employees. And they declined to reveal any details about suspected cyber attacks against the Pentagon by other countries, such as China.
Speaking to reporters from a cyberspace conference in Omaha, Nebraska, the military leaders said the US needs to invest more money in the military’s computer capabilities, rather than pouring millions into repairs.
“You can either pay me now or you can pay me later,” Davis said. “It would be nice to spend that money proactively ... rather than fixing things after the fact.”
Officials said that while there has been a lot of anecdotal evidence on the spending estimate, they only began tracking it last year and are still not sure they are identifying all the costs related to taking computer networks down after a problem is identified.
The Pentagon has acknowledged that its vast computer network is scanned or probed by outsiders millions of times each day. Last year a cyber attack forced the Department of Defense to take up to 1,500 computers off line. And last year the Department of Defense banned the use of external computer flash drives because of a virus threat officials detected on the Pentagon networks.
The cost updates come as US President Barack Obama’s administration is completing a broad government-wide review of the nation’s cybersecurity.