WASHINGTON, D.C. Defense Secretary Chuck Hagel recently directed that DOD organizations take additional steps to ensure unclassified controlled technical information is protected from cyber intrusions.
“Stolen data provides potential adversaries extraordinary insight into the United States’ defense and industrial capabilities and allows them to save time and expense in developing similar capabilities,” Hagel said in a memo dated Oct. 10.
“Protection of this data is a high priority for the department and is critical to preserving the intellectual property and competitive capabilities of our national industrial base and the technological superiority of our fielded military systems,” he added.
As the world has become increasingly dependent on electronic data, traditional physical security concepts are no longer valid, said Jennifer Elzea, a Defense Department spokesperson.
“The opportunity to gain access to sensitive unclassified information is simply too unconstrained, and we must rethink how we safeguard our technical information,” she said.
Unclassified controlled technical data losses have become a major problem for the nation and its industrial base, Elzea said. And the problem is getting worse. Data and intellectual property concerning defense systems requirements, concepts of operations, technologies, designs, engineering, systems production and component manufacturing are all being targeted, she said. While the information is unclassified, its loss still represents a significant threat to national security.
“The department must be sure that unclassified controlled technical information is protected from network intrusion and that any consequences associated with loss of this information are assessed and minimized,” Elzea said.
To that end, the secretary directed that the offices of the undersecretaries of defense for acquisition, technology and logistics, policy, intelligence, and the DOD chief information officer work together to develop any necessary changes to policy, guidance and rulemaking activities to improve the protection of unclassified controlled technical information that resides on or passes through defense contractor systems or networks.
DOD also has proposed an amendment to its acquisition and contracting regulations, Elzea said. The amendment will add language to defense contracts requiring contractors to incorporate established security standards on their networks, and to report cyber-intrusions that result in the loss of unclassified controlled technical information.
The change is part of the effort to balance the cost of increased protection with the ability to conduct business operations at an unclassified level, she noted. The department must be able to safely operate at that level.
Other actions directed in the memo include the establishment of a joint analysis cell to assess losses of technical information. The cell, to be led by the undersecretary of defense for acquisition, technology and logistics, will determine the consequences of those losses and develop necessary responses.
In addition, Hagel directed the military departments to identify critical acquisition and technology programs that require additional protection. This process will include a review of the classification guidance for those programs.
Finally, the DOD CIO, the National Security Agency and the Defense Information Systems Agency will continue to identify the technical standards needed to protect unclassified information in the Joint Information Environment.
“The Department of Defense is committed to protecting our unclassified controlled technical information against the threat of cyber intrusions that target the department and our industrial base,” the defense secretary said.
“These actions will ensure that the department provides a cohesive, comprehensive and cost-effective approach to protect priority investments and future defense capabilities while maintaining efficient business operations with our industrial partners,” he added.