
US government in cyber fight but can't keep up

Updated: 2011-06-17 13:14

(Agencies)


WASHINGTON - The Pentagon is about to roll out an expanded effort to safeguard its contractors from hackers and is building a virtual firing range in cyberspace to test new technologies, according to officials familiar with the plans, as a recent wave of cyber attacks boosts concerns about US vulnerability to digital warfare.

The twin efforts show how President Barack Obama's administration is racing on multiple fronts to plug the holes in US cyber defenses.

Notwithstanding the military's efforts, however, the overall gap appears to be widening, as adversaries and criminals move faster than government and corporations, and technologies such as mobile applications for smart phones proliferate more rapidly than policymakers can respond, officials and analysts said.


A Reuters examination of American cyber readiness produced the following findings:

* Spin-offs of the malicious code dubbed "agent.btz" used to attack the military's US Central Command in 2008 are still roiling US networks today. People inside and outside the US government strongly suspect Russia was behind the attack, which was the most significant known breach of military networks.

* There are serious questions about the security of "cloud computing," even as the US government prepares to embrace that technology in a big way for its cost savings.

* The US electrical grid and other critical nodes are still vulnerable to cyber attack, 13 years after then-President Bill Clinton declared that protecting critical infrastructure was a national priority.

* While some progress has been made in coordinating among government agencies with different missions, and across the public-private sector gap, much remains to be done.

* Government officials say one of the things they fear most is a so-called "zero-day attack," exploiting a vulnerability unknown to the software developer until the strike hits.

That's the technique that was used by the Stuxnet worm that snarled Iran's enriched uranium-producing centrifuges last summer, and which many experts say may have been created by the United States or Israel. A mere 12 months later, would-be hackers can readily find digital tool kits for building Stuxnet-like weapons on the Internet, according to a private-sector expert who requested anonymity.

"We're much better off (technologically) than we were a few years ago, but we have not kept pace with opponents," said Jim Lewis, a cyber expert with the Center for Strategic and International Studies think tank. "The network is so deeply flawed that it can't be secured."

"IT'S LIKE AN INSECT INFESTATION"

In recent months hackers have broken into the SecurID tokens used by millions of people, targeting data from defense contractors Lockheed Martin, L3 and almost certainly others; launched a sophisticated strike on the International Monetary Fund; and breached digital barriers to grab account information from Sony, Google, Citigroup and a long list of others.

The latest high-profile victims were the public websites of the CIA and the US Senate - whose committees are drafting legislation to improve coordination of cyber defenses.

Terabytes of data are flying out the door, and billions of dollars are lost in remediation costs and reputational harm, government and private security experts said in interviews. The head of the US military's Cyber Command, General Keith Alexander, has estimated that Pentagon computer systems are probed by would-be assailants 250,000 times each hour.

Cyber intrusions are now a fact of life, and a widely accepted cost of doing business.

"We don't treat it as if it's here today, gone tomorrow," said Jay Opperman, Comcast Corp.'s senior director of security and privacy. "It's like an insect infestation. Once you've got it, you never get rid of it."

The private-sector expert who requested anonymity said a top official at a major Internet service provider told him that he knew his network had been infiltrated by elite hackers. He could digitally kick them out - but that would risk provoking a debilitating counter-attack.

"THE THING ... THAT KEEPS ME UP AT NIGHT"

The idea behind the soon-to-be-announced Pentagon program for defense contractors is to boost information-sharing with the Defense Department on cyber threats. It also aims to speed reporting of attacks on firms that make up what the Pentagon calls the Defense Industrial Base.

The DIB, as it is sometimes known, provides the Defense Department some $400 billion a year in arms, supplies and other services. The new program is voluntary and builds on a smaller pilot, reflecting the persistent challenge of regulating private firms that traditionally shield proprietary data and often downplay cyber setbacks.

Ultimately, the new program may lead to agreement to put at least some Pentagon contractors behind military-grade network perimeter defenses, such as those that protect the Pentagon's own classified networks.

On another front, the Pentagon's far-out research arm, the Defense Advanced Research Projects Agency, is expected to launch by mid-2012 the National Cyber Range, a kind of replica of the Internet costing an estimated $130 million that would be used to test cutting-edge cyber defense technologies and help train cyber warriors.

The Obama administration has made cyber security a national priority, and tried to fashion an "all-government response" that imposes order on the competing domains and priorities of the Pentagon, FBI, Department of Homeland Security, the super-secret National Security Agency and the private sector.

"We're far better prepared than we've ever been before," said White House cybersecurity coordinator Howard Schmidt.

"Notwithstanding all the threats that we see out there, the things that are making news on a regular basis about a company that's been intruded upon ... (look at) how much the system still runs," Schmidt told Reuters in an interview.

The key, Schmidt said, is resiliency, "to make sure that we're better prepared, to make sure that the disruptions when they do occur are minimum - we're able to recover from them."

Still, he said major worries remain. "The thing that I worry about that keeps me up at night is the unknown vulnerability that may exist out there."

Some officials are even less sanguine.

The Pentagon's computer systems are widely considered to be better protected than other US government agencies', and far safer than the private sector's. Still, a US defense official told Reuters he would give the Pentagon just a "C+" grade overall for its cyber defenses. "We're not impervious to attack by any stretch, but nor are we 'open kimono'," the official said. He added: "And we're getting better."
