WASHINGTON (CNN) -- The U.S. military has spent at least $100 million defending its computer network from and responding to cyberattacks, according to a top official responsible for network security.
Defense Secretary Robert Gates has highlighted the need to increase personnel involved in cybersecurity.
The money was spent over the last six months responding to incidents that affected the Pentagon's networks, according to Brig. Gen. John Davis of the U.S. Strategic Command, which is responsible for military cybersecurity.
The money also went toward training and investment in tools and technologies needed because of infiltrations and viruses, he said.
Davis said he was asked by the head of Strategic Command, Gen. Kevin Chilton, to track the costs in an effort to analyze the price of reacting to incidents that threaten the military's cybersecurity.
"We are finding ourselves in an ever-increasing, sophisticated environment where our networks at [the Department of Defense] are increasingly in a contested environment," Davis said.
He spoke by phone from the USStratcom Cyberspace Symposium, a two-day event in Omaha, Nebraska, for defense officials, as well as technology industry members.
Davis would not give specific examples of cyberattacks, but he said the military's technology team deals with a wide variety of incidents every day.
"It ranges in scope from the less serious -- the bored teenager -- all the way up to nation-state capabilities," Davis said.
"We do know that there are nation states that are investing in capabilities to operate in cyberspace. We have to expect that," he said. "We have to be able to defend our networks."
Davis would not name specific countries, but one country the United States is concerned about is China, according to the Pentagon's 2009 report to Congress on that country's military.
China "has established information warfare units to develop viruses to attack enemy computer systems and networks, and tactics and measures to protect friendly computer systems and networks," according to a 2009 report called the Military Power of the People's Republic of China.
In 2008, computer systems around the world, including the U.S. government's, were the target of intrusion that seemed to have originated in China, the report said.
"Although these intrusions focused on exfiltrating information, the accesses and skills required for these intrusions are similar to those necessary to conduct computer network attacks," the report said.
The money spent on reacting to incidents could be better spent to have the intelligence capabilities so the system could be better defended, Davis said.
"Rather than spending money reacting, it would be wiser to build capabilities in a proactive manner to protect systems in the first place," he said. "It would be wiser to spend it up front to keep less sophisticated threats off our radar so we can focus on real attacks."
Davis said the military needs to realize that the Internet is not just a service but a critical part of the Defense Department's operations that needs to be reliably secure.
"We rely on our networks for war fighting functions. To have a loss of trust would be traumatic," Davis said.
The military has had some self-inflicted problems from basic security problems, like viruses on personal drives and "phishing" incidents, that hampered its security, Davis said. Last year, external drives were banned from being used on the military network.
As part of his Monday announcement about changes to the Pentagon budgets, Defense Secretary Robert Gates highlighted the need to increase the number of personnel involved in cybersecurity.
Gates announced that the Department of Defense would triple the number of "cyber-experts" to 250 over the next two years.
But that's not enough, said Davis.
"It's got to be more," he said. "But it is a sign of progress."
|Most Viewed||Most Emailed||Top Searches|