DOD plans to expand nation's elite cybersecurity force

The Defense Department plans to expand its cyber workforce five-fold as part of a deliberate effort to transform it from a mainly defensive force to one that is capable of carrying out a wide range of offensive cyber operations against foreign adversaries, reports the Washington Post.

GEN Keith Alexander, the head of the U.S. Cyber Command, has drafted a plan that would expand the organization's cyber workforce from 900 to as many as 4,900 civilian and military professionals, said U.S. officials who spoke on condition of anonymity because the expansion hasn't been formally announced.

The proposed plan would establish three categories of mission forces within the Cyber Command: national, combat and cyber protection, the story said.

National mission forces would guard computer systems that run electrical grids, power plants and other critical infrastructure essential to U.S. national security, combat mission forces would help U.S. commanders overseas plan and carry out attacks and other offensive operations, and cyber protection forces would defend DOD networks, the story said.

Foreign governments, individuals and organizations are all engaged in trying to take advantage of vulnerabilities in the cyber domain, Chairman of the Joint Chiefs of Staff GEN Martin Dempsey said in a Jan. 24 interview on NBC.

"What I worry about is that [a cyberattack] could be used to implant a destructive device that could cause significant harm to the industrial base, whether it's critical infrastructure or the financial network," Dempsey said.

Outgoing Defense Secretary Leon Panetta has frequently sounded the alarm about the threat of a cyber-Pearl Harbor and the general vulnerability of U.S. military networks and critical infrastructure to cyberattacks by foreign actors, notes the New York Times. Panetta has said that he believes an aggressor nation or extremist group could precipitate a national crisis for the United States.

Panetta showed considerable concern about a computer attack in August 2012 on Saudi Aramco that damaged 30,000 computers and rendered them inoperable, the story said. American intelligence officials monitoring the situation later said that they were sure the Saudi attacks were launched by Iran, even though there is no hard evidence to prove that assertion.

Iran established a cyber corps in 2011 in response to American and Israeli cyberattacks on Iranian nuclear facilities.

Dempsey acknowledged that there are reports that destructive cyber tools have been used against Iran. "I'm neither confirming or denying any part in that," he said, "But what it should tell you is that capability exists. And if it exists, whoever's using those [capabilities] can't assume that they're the only smart people in the world."

Iran's current offensive cyber capabilities are considered to be a fraction of those possessed by Russia and China, which intelligence officials maintain are the primary sources of attacks on American business and government networks and systems, the story said.