US automates cyber defences to offset skills crisis

The US military is seeking to automate its computer defences to compensate for a drastic shortage of infosecurity experts it can train as cyber warriors.

The US military is seeking to automate its computer defences to compensate for a drastic shortage of infosecurity experts it can train as cyber warriors.

Brigadier General Charles Shugg, deputy commander of the 24th Air Force, the US' first dedicated cyber warfare command, told Computer Weekly, "We are working to address the demand for cyber operators by automating some of what they do."

The long training pipeline and a staffing limitation in the US Department of Defence are making it difficult to find enough skilled staff, he said. Part of the solution would involve recruiting cyber experts from industry into the Air National Guard and Air Force Reserve.

Automated defences might involve backup circuits, situational awareness tools, network sensors and patch management systems. The aim was to "establish a baseline" and "enable us to pinpoint malicious activity without relying on manually-intensive processes".

Shugg said automated systems could become so effective that "the end user may not even know there's a mission going on". Personnel might then better focus their attention on those areas of cyberspace where US forces wanted to concentrate their power.

James Lewis, director of the technology policy programme at the Centre for Strategic and International Studies in Washington, said, "There's a big move to finding ways to automate defensive activities and you are going to see a lot of progress in the near future based on anomaly detection rather than signature identification."

Heli Tiirmaa-Klaar, senior advisor to the Ministry of Defence of Estonia, a country whose attack by unknown digital assailants in 2007, warned against the militarisation of the internet. "We don't think there's a military solution alone," she said. "There has to be a civilian response."

She urged a civilian response that involved all sectors of society battening down their cyber hatches to leave potential aggressors no opportunity to attack critical infrastructures.

US deputy secretary of defence William J Lynn said last summer that its cyber command centres would not amount to a militarisation of the internet because the military would concern itself only with protecting its own networks.

Shugg and other military sources say, however, that one of the blurred areas in cyberspace is the military's widespread dependence on civilian internet infrastructure and private networks.

The US Air Force has managed to fill just a third of 400 posts allotted for the Joint Warfighter cyber warfare command and operational control centres it established in July 2009 at Lackland Air force Base, Texas.

US Cyberspace Challenge >>

Military seeks private sector help to build cyber defences >>

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.