Google to Soldiers: Malware is the Enemy

Getting the military’s cyber forces to focus more on the most serious threats to U.S. national security means getting away from a whack-a-mole-like strategy now used to find and remove malware in the system, officials from Google and Lockheed told a crowd of soldiers Wednesday.

Most of what cyber soldiers deal with is malware living in a system that can be exploited by an enemy, according to Jim Young, U.S. Army Account Executive for Google Enterprise Transformation.

It’s a common problem, but one that should not happen, he said at the last panel session at the Association of the U.S. Army’s annual conference in Washington D.C.

“This notion that persistent malware can stay on your machine should not happen,” he said. “The technology is out there today to erase it, or not make it an attack factor. So I encourage you … to start looking at opportunities that fundamentally change how you probe cyber security. Do not do incremental. It will not get you where you need to be.”

Charles Croom, vice president of Cyber Security Solutions for Lockheed Martin Information Systems & Global Services, called it the “80/20 cyber rule.”

“It’s a rule of thumb that says, ‘hey, if I implemented everything I knew how to do today [to stop the malware] I could take 80 percent of my threats off the table, and then I could focus on this advanced persistent threat of 20 percent.’”

No one has developed such an all-in-one package yet, but the Defense Advanced Research Projects Agency – DARPA – has issued proposals intended to find solutions, Croom said.

The only way to do it is to automate these solutions, he said, whether they are patching, vulnerability assessment, or remediation. These steps now are all done successfully by individual soldiers, but are done again and again as they keep cropping up, he said.

“The only way we’re going to [fix it] is through automation. We’ve got to get people out of the loop and automate what we know how to do,” he said.

The problem is that it is a multi-platform, multi-device world across “monstrous enterprises that are globally connected,” he said.

“We can’t even get our configuration management down to knowing what’s on the network, who is on the network,” Bryant said.

Networks should be automatically and constantly scanned to identify exactly what and who is on them at any time, and to look for changes to software and hardware; it can be done at the speed of light, Croom said.

And when an unauthorized change is found, a weakness identified, or an intrusion detected, the solution should be instant and automatic as well.

“When you know there’s an issue on your network you ought to be able to close most of them with machines,” he said. “These are repetitive things that have to be done and most of it can be done by machines. And then you save the manpower for the high-end intellectual issues, the threat you’ve never seen before, that is unique and requires some intelligence.”
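The workflow Croom describes (constant inventory, detection of unauthorized change, machines closing the routine cases and people handling the novel ones) reduces to a baseline-versus-scan comparison with a triage step. The following is an added illustration, not code from the article or from Google, Lockheed or DARPA. The baseline and scan data are constructed inline; the host addresses, package names, versions and the playbook action names are assumptions standing in for what an asset-management system and a scanner would actually return.

```python
"""Continuous-inventory drift check with automated triage.

Added example, not from the article. Both inventories below are
constructed; in practice the baseline comes from configuration
management and the current view from network/endpoint scans.
"""
from dataclasses import dataclass

# Constructed baseline: what is *supposed* to be on the network
# (host -> owner, hardware model, installed software with versions).
BASELINE = {
    "10.0.0.5": {"owner": "alice", "hw": "model-A",
                 "software": {"openssh": "9.3", "browser": "118.0"}},
    "10.0.0.6": {"owner": "bob", "hw": "model-A",
                 "software": {"openssh": "9.3", "browser": "118.0"}},
}

# Constructed result of the latest scan: one version drift, one
# unexpected package, and one device nobody registered.
CURRENT = {
    "10.0.0.5": {"owner": "alice", "hw": "model-A",
                 "software": {"openssh": "9.3", "browser": "117.0"}},
    "10.0.0.6": {"owner": "bob", "hw": "model-A",
                 "software": {"openssh": "9.3", "browser": "118.0",
                              "unlisted-tool": "1.0"}},
    "10.0.0.9": {"owner": None, "hw": "unknown", "software": {}},
}

# Hypothetical playbook: the repetitive "80 percent" a machine can close.
# Anything not listed here is escalated to an analyst.
AUTO_PLAYBOOK = {
    "software_changed": "reinstall_baseline_version",
    "software_removed": "reinstall_baseline_version",
    "software_added": "quarantine_package_and_notify_owner",
}


@dataclass
class Finding:
    host: str
    kind: str            # new_host, missing_host, hardware_changed, owner_changed,
                         # software_added, software_changed, software_removed
    detail: str
    action: str = "escalate"   # filled in by triage()


def diff_inventory(baseline, current):
    """Compare the scan against the baseline and list every deviation."""
    findings = []
    for host in sorted(set(baseline) | set(current)):
        if host not in baseline:
            findings.append(Finding(host, "new_host", "not in baseline"))
            continue
        if host not in current:
            findings.append(Finding(host, "missing_host", "baseline host not seen"))
            continue
        b, c = baseline[host], current[host]
        if b["hw"] != c["hw"]:
            findings.append(Finding(host, "hardware_changed", f'{b["hw"]} -> {c["hw"]}'))
        if b["owner"] != c["owner"]:
            findings.append(Finding(host, "owner_changed", f'{b["owner"]} -> {c["owner"]}'))
        for name, ver in c["software"].items():
            if name not in b["software"]:
                findings.append(Finding(host, "software_added", f"{name} {ver}"))
            elif b["software"][name] != ver:
                findings.append(Finding(host, "software_changed",
                                        f'{name} {b["software"][name]} -> {ver}'))
        for name in b["software"]:
            if name not in c["software"]:
                findings.append(Finding(host, "software_removed", name))
    return findings


def triage(findings):
    """Assign an automatic action where a playbook exists, else escalate."""
    for f in findings:
        f.action = AUTO_PLAYBOOK.get(f.kind, "escalate")
    return findings


def summarize(findings):
    """Count how much a machine can close versus what needs a human."""
    auto = sum(1 for f in findings if f.action != "escalate")
    return {"automated": auto, "escalated": len(findings) - auto}


def run(baseline=BASELINE, current=CURRENT):
    return triage(diff_inventory(baseline, current))


if __name__ == "__main__":
    results = run()
    for f in results:
        print(f"{f.host:10} {f.kind:17} {f.detail:28} -> {f.action}")
    print(summarize(results))
```

On the constructed data the version drift and the unlisted package are handed to the playbook, while the unregistered host is escalated, because an unknown device is exactly the case the quoted speakers reserve for human analysis. The value of the approach is in running the comparison continuously and keeping the playbook small and well understood, so that escalations stay rare enough for analysts to actually look at them.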

About the Author

Bryant Jordan
Bryant Jordan is a reporter for He can be reached at Follow him on Twitter at @BryantJordan.
  • dan

    What would it be like without malware? Couldn't imagine. Thank God for Windows.

  • SkyNet
  • GNC

    No answers here, just comments on things we already know.

  • blight_

    You need products that are constantly supported, with robust red-cell/pen-aid testing plus the devs to patch everything you find. Otherwise you’re just waiting for someone to report every bug, or a hacker to post every exploit on the internet and “get in”, then fixing the damage when it’s done.

    Or the NSA buys the exploits off the internet…and doesn’t share, in case it needs to backdoor the military.

  • oblatt1

    The low end are these people who say things like “at the speed of light”. Military IQ would go up a good 20 points if the doors were just shut and these guys were gassed.

    The high end is the NSA which is basically creating an identity theft goldmine that they plan to exploit but will also attract a huge number of criminals.

    The next Snowden might just quietly leak all the NSA backdoors to all the major banks in the US and sit back and watch the meltdown.

  • hibeam

    I’m confused. Why is big gubmit using Google for this? Google has a track record of knowing about stuff.