The Pentagon is working with a dozen countries, including allies in the Persian Gulf region and east Asia, to bolster the cybersecurity of their militaries and build a collective defense against attacks.
Bahrain, Japan and South Korea are among nations getting help from the U.S. Defense Department in developing military cybersecurity commands, designing strategies to secure computer networks and training and recruiting operators, according to a Pentagon official who asked not to be identified because of the sensitivity of the effort.
The cooperation has persisted despite questions about the Pentagon’s intentions after disclosures by former National Security Agency contractor Edward Snowden that the agency had engaged in widespread electronic spying on phone and Internet communications abroad, the official said. The effort began after the Pentagon presented a cyberspace strategy in 2011.
The Defense Department “will expand its formal and informal cyber cooperation to a wider pool of allied and partner militaries to develop collective self-defense and increase collective deterrence,” according to its Strategy for Operating in Cyberspace, released in July 2011. Among the goals was the creation of “coalitions to deter malicious activities in cyberspace.”
The Defense Department foresees spending $26.6 billion on cybersecurity efforts for the five years ending in 2019, including a request for $5.06 billion for fiscal year 2015, according to Pentagon budget documents.
U.S. military officials are focusing on developing allies’ abilities to safeguard their computer networks, as well as any U.S. systems in their regions that may be vulnerable to attacks, the official said. South Korea and Saudi Arabia have been among the victims of attacks on their computer networks.
An attack on a vulnerable network in an allied country could lead to energy or telecommunications grids in the region being disabled, which in turn could prevent the U.S. military from operating in the area, the official said.
The Pentagon isn’t helping countries develop offensive computer-attack capabilities because those could be misused and lead to instability, the official said, while acknowledging that some private computer security companies are offering such services to countries in the Middle East and Asia.
Last year, South Korea blamed North Korea for attacks that disabled computers at the country’s banks, TV stations and media outlets. North Korea denied the allegations. As a result of such attacks, South Korea has developed robust cybersecurity capabilities, the U.S. official said.
In 2012, Saudi Arabia blamed unidentified people based outside the kingdom for a cyberattack against state-owned Saudi Arabian Oil Co. that aimed at disrupting production from the world’s largest exporter of crude. More than 30,000 computers were compromised or affected.
Once allies participating in the cooperative effort have sufficient technical capabilities, the Pentagon may be able to share threat details instantly to warn them of potential attacks, the official said.
The Defense Department also expects U.S. defense contractors to be able to provide cybersecurity services through the Defense Departments’s Foreign Military Sales program, as well as through direct commercial sales, the official said.
The department has the resources to focus its cooperative efforts on only a dozen countries, even though as many as 100 worldwide have sought U.S. assistance, the official said.
The proposed $5.06 billion budget for the Pentagon’s cybersecurity efforts for fiscal 2015, which begins in October, would be a slight decline from the $5.1 billion Congress approved for the current year. For fiscal 2016, the Pentagon anticipates spending $5.45 billion, according to the budget documents. For the years 2017 to 2019, the Pentagon forecasts annual budgets of about $5.4 billion.