Constant cyberattacks on the U.S. Missile Defense Agency and its key weapons programs pose as great a threat as development of intercontinental ballistic missiles by Iran and North Korea, the admiral who heads the agency said Thursday.
Vice Admiral James Syring told a House Armed Services subcommittee that the agency had taken "inordinate" measures to defend its own networks, but he remained concerned about potential vulnerabilities among defense contractors.
The U.S. Missile Defense Agency develops and runs a multilayered system of defenses against ballistic missile attacks by potential enemies. The system includes ground-based interceptor missiles in Alaska and California as well as high-end radar equipment to detect attacks.
Syring said that the agency carried out continuous monitoring of its classified and unclassified networks, but that cyberattacks were increasingly directed against private contractors and unclassified, controlled technical information that they housed on their networks.
"What we've got to do is get them up to where we are in terms of our protection levels, and I view it as a very near-term, very real requirement across the [Ballistic Missile Defense System]," he said.
U.S. defense officials have been increasingly vocal about escalating and constant cyberattacks originating from China, Russia and other countries.
Syring did not answer directly when asked about his knowledge of attacks on the agency's networks by China or the Chinese military, telling lawmakers he would provide fuller answers during a classified hearing.
Syring told a similar Senate hearing on Wednesday that the agency was working "hand in glove" with private contractors to ensure that future contracts contained the necessary cybersecurity requirements, protections and standards.
Deputy Defense Secretary Robert Work told Reuters this week that the Pentagon's Cyber Investment Management Board had prepared a list of top-priority weapons programs that required cybersecurity updates and investments.
He said that the details were classified, but that some of those programs were launched years ago, before cyberattacks became commonplace.