The United States cannot be confident that our critical Information Technology (IT) systems will
work under attack from a sophisticated and well-resourced opponent utilizing cyber capabilities
in combination with all of their military and intelligence capabilities (a “full spectrum”
adversary). While this is also true for others (e.g. Allies, rivals, and public/private networks), this
Task Force strongly believes the DoD needs to take the lead and build an effective response to
measurably increase confidence in the IT systems we depend on (public and private) and at the
same time decrease a would-be attacker’s confidence in the effectiveness of their capabilities
to compromise DoD systems. We have recommended an approach to do so, and we need to
start now!
While DoD takes great care to secure the use and operation of the “hardware” of its weapon
systems, these security practices have not kept up with the cyber adversary tactics and
capabilities. Further, the same level of resource and attention is not spent on the complex
network of information technology (IT) systems that are used to support and operate those
weapons or critical cyber capabilities embedded within them.