Pentagon Creating Cyber Warfare CommandPentagon Creating Cyber Warfare Command

On the heels of new reports of hackers breaking into sensitive government systems, the Pentagon plans a military command focused exclusively on cyberwarfare, according to reports.

In interviews, current and former officials confirmed ongoing discussions to create such a command, but were short on details. The Department of Defense had no comment on a Wall Street Journal report that said the command would be headed by a four-star military official and would initially be part of the Pentagon's Strategic Command.

Though information technology has historically been managed separately by each of the military branches, Strategic Command has recently taken over some of the mantle for technology as the military has embarked on its strategy of "net-centric warfare."

"We really have to defend as an enterprise, even if we have to perform as separate entities," one Pentagon cybersecurity official said in an interview. "Now we have Strategic Command standing up and saying, 'We're in charge.' " Recently, the Air Force backed off plans for its own cybersecurity command.

Recent reports said that hackers had stolen terabytes of sensitive -- albeit unclassified -- data on systems that are part of the Air Force's $300 billion Joint Strike Fighter project and accessed the Air Force's air traffic control systems. One former official said hackers have exfiltrated sensitive data on other systems in the past, with at least one notable series of incidents in 2007.

According to reports, the data on the Joint Strike Fighter project was stolen from one of the private military contractors working on the program. The Department of Defense has created a task force to help secure their systems because the insecurity of the systems of Pentagon partners was posing "a serious problem," according to one current official.

Last week, Secretary of Defense Robert Gates testified that the military had spent $100 million on cybersecurity in the last six months alone responding to attacks, which are on the rise. Federal agencies reported to the U.S. Computer Emergency Readiness Team that they had been victims of 18,050 cybersecurity attacks in fiscal 2008, more than triple the number from 2006. Though a new cybercommand might break down silos inside the Defense Department that may hinder a cogent sense of direction on cybersecurity, it would still be but one of several national security authorities on the issue.

The Department of Homeland Security has much of the authority over cybersecurity, but it's also broken down among the National Security Agency, the Defense Information Systems Agency, and the Pentagon itself. It's unclear what role the Defense Department's cybersecurity command would play, but The Wall Street Journal said it would support the Department of Homeland Security.

It's also unclear how the Pentagon's cybersecurity efforts would relate to and interact with normal computer network operations and maintenance at the Defense Department.

"The intelligence culture is different than the security culture, which is different than a network operations culture," cautioned Rod Beckstrom, former director of the National Cyber Security Center at the Department of Homeland Security. Beckstrom himself resigned last month in the midst of a cybersecurity turf war with the NSA.

However, even simply unifying cybersecurity efforts in the military would be a start. "DOD has a lot of rice bowls in cybersecurity that can confound unity of purpose," Greg Garcia, who served as assistant secretary of cybersecurity and communications at the Department of Homeland Security under President George W. Bush, said in an e-mail.

information Analytics has published an independent analysis on government IT priorities. Download the report here (registration required).