WASHINGTON (AP) -- The military's key communications infrastructure linking combat, intelligence and command forces is dangerously vulnerable to attacks from cyberspace and requires urgent changes in Defense Department policy, said a study released Monday.
The Command, Control, Communications, Computers and Intelligence systems, known as C4I, is compromised by security problems and also by a military culture prone to treating such problems as a lesser priority, the National Research Council reported."The rate at which information systems are being relied on outstrips the rate at which they are being protected," it said. "The time needed to develop and deploy effective defenses in cyberspace is much longer than the time required to develop and mount an attack."
Despite evidence of security lapses in C4I -- which handles communications and warning tasks all along the chain of command -- the Pentagon's "words regarding the importance of information systems security have not been matched by comparable action," the report said.
"Troops in the field did not appear to take the protection of their C4I systems nearly as seriously as they do other aspects of defense," said the report, which Congress ordered the Pentagon to commission in 1995. The council is an independent organization chartered by Congress to advise the government
The report indicated the problems were due more to the Pentagon's management of the systems than to the technology itself. It cited C4I workers' lack of stature compared with traditional combat forces, compatibility problems between the services and a need for more budget flexibility on the matter from both the Defense Department and Congress.
In a statement, the Pentagon acknowledged that the U.S. military's strength "is our information technology," and that "our dependence on such assets, which may be subject to malicious attack, makes information technology our weakness as well."
It said that as the council's report was being prepared, the Defense Department had already improved protection against computer attack by implementing new programs, establishing a joint task force for computer defense and expanding training of its information technology personnel.