Once upon a time, very smart people in the Pentagon believed that connecting sensitive networks, expensive equipment, and powerful weapons to the open Internet was a swell idea. This ubiquitous connectivity among devices and objects — what we now call the Internet of Things — would allow them to collect performance data to help design new weapons, monitor equipment remotely, and realize myriad other benefits. The risks were less assiduously catalogued.
That strategy has spread huge vulnerabilities across the Defense Department, its networks, and much of what the defense industry has spent the last several decades creating.
“We are trying to overcome decades of a thought process…where we assumed that the development of our weapon systems that external interfaces, if you will, with the outside world were not something to be overly concerned with,” Adm. Michael Rogers, the commander of Cyber Command, told the Senate Armed Services Committee today. “They represented opportunity for us to remotely monitor activity, to generate data as to how aircraft, for example, or ships' hulls were doing in different sea states around the world. [These are] all positives if you're trying to develop the next generation of cruiser [or] destroyer for the Navy.”