For the military, networks are a critical line of defense
Intrusions aimed at stealing data put net-centricity at risk, officials say
- By Dawn S. Onley
- Aug 24, 2006
Foreign adversaries are targeting military networks, hoping to gain information that could threaten network-centric operations, Army officials said.
There were more than 60 serious hits on Army networks between the start of fiscal 2006 and Aug. 5, according to service officials. Fifteen Army bases inside the United States were targeted in the incidents, and Army officials believe the intrusions are coming from perpetrators who seek to help foreign adversaries steal military information.
'Our belief is their motivation in Category 1 and Category 2 intrusions is to enable a foreign adversary to deny our president, Joint Chiefs of Staff (and military services) that network-centric warfare option,' said Thomas Reardon, chief of the intelligence division with Army Network Enterprise Technology Command/9th Army Signal Command.
'If we are going to bet the farm on network-centric operations and we allow those kinds of intrusions to persist, we're putting it all at risk.'
During a session at the Army's LandWarNet Conference last week in Fort Lauderdale, Fla., Reardon said DOD has established a new battle command lexicon to define the severity of various categories of network intrusions. Categories 1 and 2'the most severe'indicate 'enemy incoming,' Reardon said. 'If someone can get in, they own your network. That should enrage a commander or a leader.'
Categories 1 and 2 suggest that a hacker has penetrated to the administrative or root level, or that an unauthorized person has gained access to 'nonprivileged' information, Reardon said.
At the other end of the lexicon, Categories 5 and 7 are caused by authorized military personnel who either installed malicious software such as Trojan horses or created a vulnerability through noncompliance, such as failing to install a security patch.
There were more than 3,400 Category 5 events and over 2,700 Category 7 events from Oct. 1, 2005, until Aug. 5, 2006, Reardon said.
'We're seeing now commanders taking action about these things,' Reardon said. 'But it is not yet locked into Army doctrine.'
At issue are commercial software products, which have components that are built all over the world'even in countries that are adversarial to the United States.
Agencies could get some help by migrating to Microsoft Vista operating system, due to begin release this fall, which is the first to be built with security baked into the components from the start, said Craig Mundie, the company's chief research and strategy officer. Vista was the first product to be implemented under Microsoft's Trustworthy Computing Initiative, a plan to build security, privacy and reliability'among other capabilities'into components.
'Every component is hardened,' Mundie said. 'The BitLocker Drive Encryption fully encrypts the entire Vista volume and prevents unauthorized disclosure of data. When it is at rest, it protects your Vista systems, even in unauthorized hands.'
Still, Reardon isn't convinced.
'Craig said Microsoft's Vista was the first operating system that has security built in from Day 1. Then you look at some of the places they are getting their stuff to do that,' Reardon said, referring to foreign countries that manufacture computer parts and components.Working group
However, a working group inside DOD is looking at ways to mitigate the cybersecurity threats, Reardon said, and to expand on the National Industrial Security Program Operating Manual, a guidance that puts restrictions on classified contracts, but not specifically information technology. 'NETCOM is trying to get the working group to extend the definition' to anyone doing work that connects to DOD's Global Information Grid.
'It is national policy that we use foreign vendors if it is to the benefit of the federal government,' Reardon added. 'It's not a question that we're going to stop using this stuff, because we cannot. We just have to mitigate the risks.'