William Marion, chief technology officer for U.S. Air Force Space Command, speaks May 6 during the 2014 C4ISR Conference in Arlington, Va. (Rob Curtis / Staff)
As the Pentagon looks toward the future of cyber warfare, it needs to ensure its data remains protected from outside sources during military operations, according to a top US Air Force official.
“Fundamentally, if we don’t trust our data, that is the worst thing that can occur,” William Marion, chief technology officer for Air Force Space Command, said May 19, during a panel kicking off the cyber 1.4 portion of the 30th National Space Symposium in Colorado Springs, Colorado.
“That data trust perspective, I think we need to invest more in.”
With growing Air Force reliance on high-tech precision weaponry and automated systems, protecting the integrity of the targeting data coming into the system is vital, Marion said.
“What’s actually worse than a service denial is really, do you trust your data,” he said. “Do you know where that missile is going? Do you know that the fleet is going in the right direction?”
That means better protection from outside sources, but it also means keeping a close eye on the supply chain, where vulnerabilities could be inserted early in the process, Jeffrey Snyder, vice president of cyber programs at Raytheon, said.
“Who are the primary subcontractors? Who are the second- and third-tier subcontractors? Where are the components manufactured? Are they real or are they counterfeit? Are there exploitation vulnerabilities that are built into those components by a nation state,” Snyder asked.
“All of that is just so critical to the nation today that the issue is a big problem. How do you test every component that goes into a major system to ensure that it has minimal exploitation vulnerabilities? The testing process itself is going to be very vulnerable and very significant.”
The panelists also discussed the May 20 announcement that the Department of Justice was charging five officers in the Chinese People’s Liberation Army with 31 criminal counts of hacking and cyber espionage against six American companies
Marion called the indictments “a very positive thing,” while Snyder noted that the country needs to always be aware of the threat to intellectual capital.
The indictments are a big first step toward combating such attacks, but now the US government needs to follow through with strong action, said Tracy Gray, who works data protection issues with the law firm Holland & Hart.
“It has to be a strong enough enforcement action and it needs to stick in order for it to be effective,” Gray said. “Putting it out there and not giving the strong enough message will make this likely fade away. It will depend on what happens now that the indictments have been issued.”