Officials from Cybersecurity industry and former military cyber experts reported the Senate Armed Services Committee on Wednesday that the Defense Department needs to adopt more commercial Cybersecurity technology. Co-Founder and CTO of Cybersecurity firm Crowdstrike, Dmitri Alperovitch said that the U.S. Defense Department faces a similar challenge to the private sector. The very same threat actors that are targeting private industry today to pilfer intellectual property; sometimes carry out with destructive attacks for seeking to break into DOD networks to direct espionage and deteriorate nation’s warfighting capabilities.
Some Cyber officials at the hearing highlighted some areas where they experience the private sector is ahead of DOD. Senior partner at Core Consulting and a 30-year experienced at the National Security Agency (NSA), Francis Landoff noted that the DOD lingers behind the experienced, state-of-the-art commercial technology. He said that he has observed, as a rule, that companies with thrilling new technical strategies in Cybersecurity and backed by prominent and savvy venture capital investors, grapple to get meetings with the Defense Department that have much less an opportunity to present their product and make sales.
Federal Chief Security Officer at Palo Alto Networks, John Davis said that network defenders are losing the Cybersecurity battle because they’re taking people to a software fight. He pushed for more automated tools, expanded experimentation programs, and incentives for companies to partake threat intelligence.
Alperovitch emphasized the need for more hunting process of active threats on DOD networks. He recommended a 1-10-60 rule alike to the Crowdstrike that comprises 1 minute to detect a threat, 10 minutes to identify the issue, and 60 minutes to remediate the issue. Officials also swore to the need for speeding the security authorization process to attract more expertise to the military.