Pentagon adds cybersecurity to arms criteria

Hacks and cyber attacks on US weapons programs and manufacturers are a "pervasive" problem that requires greater attention, the top US arms buyer said yesterday, adding that he would include cybersecurity to the Pentagon's guidelines for buying weapons.

"It’s about the security of our weapons systems themselves and everything that touches them. It’s a pervasive problem and I think we have to pay a lot more attention to it," defence undersecretary Frank Kendall said.

Kendall said he planned to add cybersecurity to the next phase of his "better buying power" initiative, and was also working on a special section on cybersecurity requirements to be added to the Pentagon's guidelines for buying weapons.

US President Barack Obama's fiscal 2016 budget proposal requested US$14 billion (A$18 billion) for cybersecurity efforts to better protect federal and private networks from hacking threats, including US$5.5 billion (A$7 billion) for the Pentagon alone.

The US Defence department's chief weapons tester told Congress in January that nearly every US weapons program showed "significant vulnerabilities" to cyber attacks, including misconfigured, unpatched and outdated software.

Kendall echoed those concerns this week and said he was trying to raise awareness about what he described as a "big problem" that affected the Pentagon and all layers of industry, including the larger supply chain involved in weapons systems.

Kendall said some measures had already been adopted to defend US weapons systems and the companies that build them against escalating cyber attacks, but more work was needed.

In January, when Kendall released the latest version of the Pentagon's acquisition guidelines, called Department of Defense Instruction 5000.02, he said he had started work on a new section to deal with designing for and managing cybersecurity.

Details of the new section have not been released.

Kendall told the conference that the latest version of his better buying power initiative would be released later this month. It too will include a section on cybersecurity, he said.