Google to Soldiers: Malware is the Enemy

Getting the military’s cyber forces to focus more on the most serious threats to U.S. national security means getting away from a whack-a-mole-like strategy now used to find and remove malware in the system, officials from Google and Lockheed told a crowd of soldiers Wednesday.

Most of what cyber soldiers deal with is malware living in a system that can be exploited by an enemy, according to Jim Young, U.S. Army Account Executive for Google Enterprise Transformation.

It’s a common problem, but one that should not happen, he said at the last panel session at the Association of the U.S. Army’s annual conference in Washington D.C.

“This notion that persistent malware can stay on your machine should not happen,” he said. “The technology is out there today to erase it, or not make it an attack factor. So I encourage you … to start looking at opportunities that fundamentally change how you probe cyber security. Do not do incremental. It will not get you where you need to be.”

Charles Croom, vice president of Cyber Security Solutions for Lockheed Martin Information Systems & Global Services, called it the “80/20 cyber rule.”

“It’s a rule of thumb that says, ‘hey, if I implemented everything I knew how to do today [to stop the malware] I could take 80 percent of my threats off the table, and then I could focus on this advanced persistent threat of 20 percent.’”

No one has developed such an all-in-one package yet, but the Defense Advanced Research Projects Agency – DARPA – has issued proposals intended to find solutions, Croom said.

The only way to do it is to automate these solutions, he said, whether they are patching, vulnerability assessment, or remediation. These steps now are all done successfully by individual soldiers, but are done again and again as they keep cropping up, he said.

“The only way we’re going to [fix it] is through automation. We’ve got to get people out of the loop and automate what we know how to do,” he said.

The problem is that it is a multi-platform, multi-device world across “monstrous enterprises that are globally connected,” he said.

“We can’t even get our configuration management down to knowing what’s on the network, who is on the network,” Bryant said.

Networks should be automatically and constantly scanned to identify exactly what and who is on them at any time and to look for changes to software and hardware; it can be done at the speed of light, Croom said.

And when an unauthorized change, a weakness, or an intrusion is detected, the response should be instant and automatic as well.

“When you know there’s an issue on your network you ought to be able to close most of them with machines,” he said. “These are repetitive things that have to be done and most of it can be done by machines. And then you save the manpower for the high-end intellectual issues, the threat you’ve never seen before, that is unique and requires some intelligence.”
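The continuous inventory check Croom describes above, as an added example that is not code from the article or from Google or Lockheed: a known-good baseline is compared against the latest scan, changes already approved through change management are dropped, and the remaining findings are split into the repetitive kinds a scripted playbook can handle and the unfamiliar ones (new devices, unexpected software) that go to an analyst. The baseline, scan, approved-change list and playbook table are constructed sample data; a real deployment would pull them from an asset database and a network scanner.

```python
"""Continuous inventory check: diff a known-good baseline against the latest
scan, drop approved changes, and split the rest into what a playbook can fix
automatically and what needs a person.

Added example, not code from the article. All data below is constructed.
"""

# Assumed inventory shape: hostname -> {"mac": str, "software": {name: version}}
BASELINE = {
    "ws-01": {"mac": "00:11:22:33:44:01",
              "software": {"openssl": "1.0.1e", "browser": "45.0"}},
    "ws-02": {"mac": "00:11:22:33:44:02",
              "software": {"openssl": "1.0.1e", "av-agent": "3.1"}},
    "srv-01": {"mac": "00:11:22:33:44:10", "software": {"httpd": "2.4.6"}},
}

CURRENT_SCAN = {
    "ws-01": {"mac": "00:11:22:33:44:01",
              "software": {"openssl": "1.0.1g", "browser": "44.0", "remote-tool": "1.2"}},
    "ws-02": {"mac": "aa:bb:cc:dd:ee:02",          # MAC changed: hardware swapped?
              "software": {"openssl": "1.0.1e"}},   # av-agent is gone
    "unknown-laptop": {"mac": "de:ad:be:ef:00:01", "software": {}},
}

# Changes sanctioned through change management; "*" matches any host.
APPROVED_CHANGES = {("*", "openssl", "1.0.1g")}

# Well-understood, repetitive finding kinds get a scripted response; anything
# else is escalated (the "20 percent" that needs human analysis).
PLAYBOOKS = {
    "version_change": "redeploy baseline version",
    "software_removed": "reinstall from baseline package",
    "missing_host": "open ticket: confirm decommission or outage",
}


def _approved(host, name, version):
    return ((host, name, version) in APPROVED_CHANGES
            or ("*", name, version) in APPROVED_CHANGES)


def diff_inventory(baseline, scan):
    """Return (kind, host, detail) tuples for every unapproved difference,
    ordered by hostname so the output is stable run to run."""
    findings = []
    for host in sorted(set(baseline) | set(scan)):
        if host not in scan:
            findings.append(("missing_host", host, baseline[host]["mac"]))
            continue
        if host not in baseline:
            findings.append(("new_host", host, scan[host]["mac"]))
            continue
        base, cur = baseline[host], scan[host]
        if base["mac"] != cur["mac"]:
            findings.append(("hardware_change", host, f'{base["mac"]} -> {cur["mac"]}'))
        for name in sorted(set(base["software"]) | set(cur["software"])):
            old, new = base["software"].get(name), cur["software"].get(name)
            if old == new:
                continue
            if new is None:
                findings.append(("software_removed", host, f"{name} {old}"))
            elif _approved(host, name, new):
                continue  # sanctioned change, not a finding
            elif old is None:
                findings.append(("software_added", host, f"{name} {new}"))
            else:
                findings.append(("version_change", host, f"{name} {old} -> {new}"))
    return findings


def triage(findings, playbooks=PLAYBOOKS):
    """Split findings into (automated, escalated). Automated entries carry
    the playbook action that would run; escalated ones have no script."""
    automated, escalated = [], []
    for kind, host, detail in findings:
        if kind in playbooks:
            automated.append((kind, host, detail, playbooks[kind]))
        else:
            escalated.append((kind, host, detail))
    return automated, escalated


def run(baseline=BASELINE, scan=CURRENT_SCAN):
    return triage(diff_inventory(baseline, scan))


if __name__ == "__main__":
    auto, esc = run()
    print("automated:")
    for kind, host, detail, action in auto:
        print(f"  {host}: {kind} ({detail}) -> {action}")
    print("escalated to analyst:")
    for kind, host, detail in esc:
        print(f"  {host}: {kind} ({detail})")
```

On the sample data the approved OpenSSL update produces no finding at all, the browser downgrade, the missing server and the removed agent are handed to playbooks, and the unknown laptop, the MAC change and the unexpected remote tool are escalated. The split is deliberately driven by a table rather than by hard-coded rules, so the set of things machines close on their own can grow as a new kind of finding becomes routine.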

About the Author

Bryant Jordan
Bryant Jordan is an associate editor and White House correspondent for Bryant covers all corners of the military arena, is an expert on "Don't Ask Don't Tell" issues, religious proselytizing and other ongoing military policy issues. He has covered Air Force support missions during the Kosovo War and in 2006 the aero-medical evacuation mission out of Balad Air Base, Iraq. A journalist since 1979, Jordan also covered stories in Lebanon, Gaza and Morocco. During the Vietnam War he was assigned to 15th Admin. Co., 1st Cavalry Division, Bien Hoa Army Base. Before joining Jordan was a staff writer and deputy news editor for Military Times newspapers in Springfield, Va.

6 Comments on "Google to Soldiers: Malware is the Enemy"

  1. What would it be like without malware? Couldn't imagine... Thank God for Windows.

  2. No answers here, just comments on things we already know.

  3. You need products that are constantly supported, with robust red-cell/pen-aid testing plus the devs to patch everything you find. Otherwise you're just waiting for someone to report every bug, or a hacker to post every exploit on the internet and "get in", then fixing the damage when it's done.

    Or the NSA buys the exploits off the internet…and doesn't share, in case it needs to backdoor the military.

  4. The low end are these people who say things like "at the speed of light". Military IQ would go up a good 20 points if the doors were just shut and these guys were gassed.

    The high end is the NSA which is basically creating an identity theft goldmine that they plan to exploit but will also attract a huge number of criminals.

    The next Snowden might just quietly leak all the NSA backdoors to all the major banks in the US and sit back and watch the meltdown.

  5. I'm confused. Why is big gubmit using Google for this? Google has a track record of knowing about stuff.
