Federal government falls short in Cybersecurity.

• Author: Fein, Geoff S.
• Position: Security Beat

More than 90 percent of all successful attacks on Defense Department computer systems are based on vulnerabilities that already are known, said a top National Security Agency official.

"A system left un-patched soon becomes a target, like an unlocked sports car with the keys in the ignition," said Daniel Wolf, director of information assurance at the National Security Agency.

Eliminating computer system vulnerabilities also should be a high priority, but the government is a long way from achieving that goal, he said.

Speaking before the House Select Committee on Homeland Security's Subcommittee on Cybersecurity, Science and Research and Development, Wolf said that improving the way software is written would eliminate vulnerabilities. Computer operating systems also must have the ability to defend themselves from attack, he said.

An automated patch management system would keep government computers continually updated with the latest protection, he added.

The NSA is working on a $3 billion program called Cryptographic Modernization that would allow a computer system to modify itself on-the-fly, said Wolf.

Research also is needed to "build cybersecurity systems that can continue to operate even while under attack," he said.

The Defense Advanced Research Projects Agency is looking at these kinds of systems, said Wolf.

"I believe that the highest payoff for optimizing cybersecurity is the creation of an interoperable authentication system deployed widely throughout the federal, national security, first responder and critical infrastructure community," he said.

It would be similar to a...