Top defense and intelligence officials told Senate lawmakers Tuesday that the U.S. needs a new strategy to approach persistent cyber attacks, AOL Defense reports.
According to James Peery of the Energy Department’s Sandria National Laboratories, the U.S. should adopt an attitude where it presumes the adversary is constantly on the networks.
Ken Gabriel, acting director for the Defense Advanced Projects Agency, suggested that it is easier and less costly to attack a computer network than it is to defend one.
Zachary Lemnios, the Defense Department’s chief technology officer, told a Senate Armed Services subcommittee the U.S. has gone through phases in its cyber defense method.
The method currently consists of a measure and countermeasure system, he said.
The U.S. initially used a perimeter defense method where systems would try to bar hackers from getting into a network in the first place, Lemnios said.
Lemnios said this method was insufficient if someone was already allowed access into a system.
Lemnios said the best defense system today monitors the activity inside a network to find anomalies, such as an insider accessing information he or she should not be looking at.
Michael Wertheimer, the National Security Agency’s director of research and development, said the U.S. should not obsess about the number of attacks as much as on who is conducting the attack.
Northrop Grumman reported to Congress March 8 that China poses a cyber risk to the U.S. that should warrant concern.
Wertheimer believes the U.S. is not currently keeping a close enough watch on nation-state threats and attacks.
The country’s current system focuses on gathering intelligence and that may not be suitable for engaging in cyber attacks or for the Defense Department, according to Gabriel.
A cyber exploit that causes the system to crash is not an intelligence exploit and may be more effective for the Pentagon mission, Gabriel said.