NEW SECURITY LEARNING

US DoD looks to private sector for cyber lessons

The significant breaches in security at the United States Department of Defence (DoD) over the last few weeks have raised questions about the capacity of the U.S. to fight off cyber-attacks from foreign states and their agencies. The opportunities, however, for IT companies to profit from a review of the cyberdefence strategy appear to be vast.

As part of this new cyberdefence strategy, the DoD will begin using the experiences of private companies to apply improved standards within its IT infrastructure. The strategy will seek to use best practice – such as IT system life cycles – from private industry in order to supply a safe and secure network environment, allowing for a safer flow of information around the system.

The strategy aims directly at bringing private commercial companies into a working group to ensure sound security protocols. The DoD hopes to help achieve this, in part, by calling on Internet Service Providers to work directly with the Federal Government in order to address issues and risks within the Department’s networks.

Although the new strategy seeks to improve and expand its IT infrastructure to include secure ‘cloud computing’ and improved IT architectures the methods which will deliver these tools currently appear to be, as elsewhere in the IT sector, under review and are undetermined. The issue of cloud computing, specifically, has been a challenge to many service providers in recent years, with a great many problems still affecting the security of such a system.

The review comes following a number of serious security breaches, including the theft of 24,000 DoD documents earlier this year. The issue of security however does not end with technology, as Martin Smith explains in his article, human interference can have as damaging an effect from inside an institution as from outside.