The Pentagon spent more than $100 million in the last six months responding to and repairing damage from cyber attacks and other computer network problems, military leaders said Tuesday.
Air Force Gen. Kevin P. Chilton, who heads U.S. Strategic Command, said the military was only beginning to track the costs, which are triggered by daily attacks against networks at the Pentagon and military bases around the country.
“The important thing is that we recognize that we are under assault from the least sophisticated -- what I would say [is] the bored teenager -- all the way up to the sophisticated nation-state, with some pretty criminal elements sandwiched in-between,” said Chilton, adding that the motivations include vandalism and espionage. “This is indeed our big challenge, as we think about how to defend it.”
According to Army Brig. Gen. John Davis, deputy commander for network operations, the money was spent on manpower, computer technology and contractors hired to clean up after external investigations and internal mistakes. Strategic Command is responsible for protecting and monitoring the military’s information grid, as well as coordinating any offensive cyber warfare on behalf of the U.S.
Officials would not say how much of the $100-million cost was due to outside attacks against the system, versus viruses and problems triggered accidentally by Defense Department employees. And they declined to reveal any details about suspected cyber attacks against the Pentagon by other countries.
Speaking to reporters from a cyberspace conference in Omaha, the military leaders said the U.S. needed to invest more money in computer capabilities, rather than pouring millions into repairs.
“You can either pay me now, or you can pay me later,” Davis said. “It would be nice to spend that money proactively.”
Officials noted that they only began tracking spending last year and were still not sure whether they were identifying all the costs related to taking down problematic networks.
The Pentagon has acknowledged that its vast network is scanned or probed by outsiders millions of times each day. Last year a cyber attack forced the Defense Department to take as many as 1,500 computers offline. And last fall the department banned the use of external computer flash drives because of threat of viruses.