Government in cyber fight but can't keep up

Notwithstanding the military's efforts, but, the overall gap appears to be widening, as adversaries and criminals move faster than government and corporations, and technologies just as mobile applications for smart phones proliferate more rapidly than policymakers can respond, officials and analysts said.

The malicious code dubbed agent

* Spin-offs of the malicious code dubbed "agent.btz" used to attack the military's U.S. Central Command in 2008 are for all that roiling U.S. networks today. People inside and outside the U.S. government strongly suspect Russia was behind the attack, which was the most significant known breach of military networks.

* There are serious questions about the security of "cloud computing," even as the U.S. government prepares to embrace that research in a big way for its cost savings.

The technique that

That's the technique that was used by the Stuxnet worm that snarled Iran's enriched uranium-producing centrifuges last summer, and which many experts say may have been created by the United States or Israel. A mere 12 months later, would-be hackers can gladly find digital tool kits for building Stuxnet-like weapons on the Internet, according to a private-sector expert who requested anonymity.

"We're much better off than we were a few years ago, however we have not kept pace with opponents," said Jim Lewis, a cyber expert with the Center for Strategic and International Studies think tank. "The network is so deeply flawed that it can't be secured."

The private-sector expert who requested anonymity said a top official at a major Internet service provider told him that he knew his network had been infiltrated by elite hackers. He could digitally kick them out - however that would risk provoking a debilitating counter-attack.

The idea behind the before long-to-be-announced Pentagon program for defense contractors is to boost information-sharing with the Defense Department on cyber threats. It as well aims to speed reporting of attacks on firms that make up what the Pentagon calls the Defense Industrial Base.

Ultimately, the new program may lead to agreement to put for the time being some Pentagon contractors behind military-grade network perimeter defenses, just as those that protect the Pentagon's own classified networks.

On another front, the Pentagon's far-out technology arm, the Defense Advanced Innovation Projects Agency, is expected to launch by mid-2012 the National Cyber Range, a kind of replica of the Internet costing an estimated $130 million that would be used to test cutting-edge cyber defense technologies and help train cyber warriors.

The toughest challenges of cyber defense is

Experts say that one of the toughest challenges of cyber defense is, oddly, definitions. What constitutes "cyber"? Computers and digital networks, undoubtedly. However how about digitized pictures or video streams from a pilotless Predator drone flying over Pakistan?

Offensive actions against foreign systems would require White House authorization. However the Pentagon does not need special approval to do the kind of cyber surveillance work that can identify vulnerabilities in foreign networks, a U.S. official told Reuters, speaking on condition of anonymity.

That includes leaving hidden digital "beacons" inside adversaries' networks that could be used to pinpoint future targets. The beacons can phone home to tell U.S. military computers that they are however operational, the official said.

Even as such policy debates rage, the technological landscape is being remade, seemingly by the month, posing new challenges - and opportunities. Tens of thousands of mobile applications for smartphones and tablet computers represent new vectors for hacks and attacks.

Meanwhile, the U.S. federal government is planning to move in a big way into "cloud computing," in which off-site providers offer network and storage resources accessible remotely from a variety of computing platforms.

Potential cost savings are significant. Handled correctly, computing clouds could offer added security, specialists say. Nevertheless there are as well risks.

Study released in April

A study released in April by CA Technologies and the Michigan-based Ponemon Institute contained alarming findings. Based on a survey of 103 U.S. and 24 European cloud computing providers, it found that a majority did not view security of their services as a competitive advantage, and believed that security was their clients' responsibility, not theirs.

Lynn told Reuters that "cloud computing has the potential to offer greater capability at equal or lesser costs." He added: "I want to make sure we are taking full advantage of these advanced technologies."

The Pentagon is preparing a cloud computing strategy

The Pentagon is preparing a cloud computing strategy, which it expects to complete by the end of the summer, a U.S. defense official told Reuters.

Schmidt, the White House coordinator, said as many as 170 security controls are being built into government cloud computing projects from the start. "It's not deploying something and securing it later. We're setting the requirements in the beginning."

So how safe are the computer networks of the United States, which like as not more than any nation relies on them for banking, electric power and other basics of modern civilization?

In May 1998, at that time-President Clinton signed Presidential Decision Directive 63, calling for a "reliable, interconnected, and secure" network by 2003, and establishing a national coordinator for protecting critical infrastructure.

A central conundrum is that the Pentagon's National Security Agency, which specializes in electronic eavesdropping, has personnel with the best cyber skills, nevertheless has been until recently taking everything into consideration shut out of protecting domestic networks. That's due to the highly classified nature of the NSA's work, and fears that it will stray into domestic spying.

Last October, the Defense Department and Homeland Security - responsible for protecting civilian U.S. government networks - signed a memorandum to cooperate, with the NSA sharing innovation and the agencies swapping personnel.