Defense Deputy Secretary William Lynn III briefs the media on the Department of Defense's new strategy to defend military IT networks and a 2008 incident in which an assailant breached a classified military network.
"We have had very lively dialogue ongoing with these subjects and not all of our members have completely agreed on the next steps forward," says Harry Raduege, co-chair of the Commission on Cybersecurity for the 44th Presidency.
"Let's be blunt - because the Internet was initially designed for convenience and reliability, instead of with security as a top priority - we are fighting an uphill battle," says Commerce Secretary Gary Locke.
People who customize software often don't know what they're doing, creating an environment where adversaries can exploit unintended vulnerabilities, says Robert Lentz, the longtime Defense chief information security officer.
This latest guidance is aimed at helping agencies implement continuous monitoring of their IT systems as they move away from the traditional paper-based compliance rules under the Federal Information Security Management Act.
"Without this authority, U.S.-CERT is limited in its ability to mitigate effectively ever-evolving security threats and vulnerabilities," writes DHS Inspector General Richard Skinner in this article adapted from his House testimony.