One official responsible for keeping the Defense Department's online information safe from hackers worries less about sophisticated new attacks than he does about someone forgetting to turn on the cyber equivalent of the Pentagon's burglar alarm.
The Pentagon has so much defensive cyber technology and so many practices "that we just haven't fully leveraged." That "is what keeps me up at night," said Mark Orndorff, program executive officer for mission assurance at the Pentagon's IP provider, the Defense Information Systems Agency. This brief comment in the middle of a long panel discussion on cybersecurity this week immediately caught Killer Apps' attention.
"We have so much capability that is positioning us to stay in front of the threat, but have we thought through and applied ourselves in a way that we should to leverage that in a way to make sure we're getting the most out of it?" said Orndorff. "If somebody is just flat smarter than us and they come up with [a threat] that we can't deal with, that's not what keeps me up at night."
Orndorff refused to provide details about specific tech that the DoD isn't using to its fullest potential, lest he compromise Pentagon security, but he clearly worries about the Department of Defense leaving itself unnecessarily vulnerable.
"We have solutions that we own, and we want to make them as effective as possible," Orndorff told Killer Apps, when asked to elaborate after the discussion. "The idea is, when you go to bed at night, have you done everything you personally can do to counter the threat?"
Orndorff's comments echo a common refrain from cyber security experts -- that many threats stem simply from the failure to practice basic IT security hygiene.
U.S. Air Force