Relevant links are at the bottom of this post.
The idea of a catastrophic IT security event has captured cyber policy wonks’ imaginations through the term “Cyber Pearl Harbor.” And while some have railed against the term’s use as fear mongering, the Defense Department’s IT lead thinks such an event is not only plausible, but probable.
“Is there the potential for a Cyber Pearl Harbor? Probably,” said DoD Chief Information Officer Terry Halvorsen during an Oct. 29 breakfast discussion in Washington, D.C., hosted by Christian Science Monitor.
“I think it depends on what scale of engagement you’re talking about,” he said.
While not quite as spectacular, Halvorsen said the normal, everyday state of cyber is also alarming.
“Phase zero, I think, there will be persistent cyber probing. They’ll be persistent testing of cyber threat technology. I think that is something we’re going to live with,” he said during the event.
Completely secure networks are possible, said Halvorsen; however, they would require the department to unplug everything and disconnect in a way that would make getting work done impossible. In that way, cybersecurity is really risk management.
“This is a balance, you know. It always is a balance and it’s a balance across time, money, mission, threat, and it’s getting that right,” he said.
Much of DoD’s work relies on industry, and the department has benefited from private sector investment in cybersecurity. Halvorsen added that American industry has a history of responding well to DoD’s needs.
“We have industry with us on the forward edge,” said Halvorsen.