WASHINGTON (Reuters) - Cyber attacks on U.S. weapons programs and manufacturers are a “pervasive” problem that requires greater attention, the top U.S. arms buyer said Thursday, saying that he would add cybersecurity to the Pentagon’s guidelines for buying weapons.
“It’s about the security of our weapons systems themselves and everything that touches them. It’s a pervasive problem and I think we have to pay a lot more attention to it,” Defense Undersecretary Frank Kendall told Reuters after a speech to the American Society of Naval Engineers in Washington.
Kendall said he planned to add cybersecurity to the next phase of his “better buying power” initiative, and was also working on a special section on cybersecurity requirements to be added to the Pentagon’s guidelines for buying weapons.
President Barack Obama’s fiscal 2016 budget proposal requested $14 billion for cybersecurity efforts to better protect federal and private networks from hacking threats, including $5.5 billion for the Pentagon alone.
The Defense Department’s chief weapons tester told Congress in January that nearly every U.S. weapons program showed “significant vulnerabilities” to cyber attacks, including misconfigured, unpatched and outdated software.
Kendall echoed those concerns on Thursday and said he was trying to raise awareness about what he described as a “big problem” that affected the Pentagon and all layers of industry, including the larger supply chain involved in weapons systems.
Increased funding and focus on cybersecurity could result in more work for Lockheed Martin Corp, General Dynamics Corp and other firms that already play a big role in cybersecurity, encryption and analysis for government agencies.
Kendall said some measures had already been adopted to defend U.S. weapons systems and the companies that build them against escalating cyber attacks, but more work was needed.
In January, when Kendall released the latest version of the Pentagon’s acquisition guidelines, called Department of Defense Instruction 5000.02, he said he had started work on a new section to deal with designing for and managing cybersecurity.
National Security Agency Director Admiral Mike Rogers told a House Armed Services Committee subcommittee on Wednesday that the Pentagon needed a new approach that allowed rapid, recurring updates to cyber protections for weapons, rather than locking in designs five to 10 years before they were fielded.
Kendall told the conference that the latest version of his Better Buying Power initiative would be released later this month. It too will include a section on cybersecurity, he said.
Reporting by Andrea Shalal; Editing by Chizu Nomiyama, Bernard Orr