Info attacks on Defense systems rise, DISA says

Info attacks on Defense systems rise, DISA says

By Bill Murray
GCN Staff

Reports of information attacks against Defense Department systems have increased more than threefold since last year, Defense Information Systems Agency officials say.

Cyberattack reports increased from 5,844 last year to 18,433 through last month, said Army Lt. Gen. David J. Kelley, DISA's director.

'Folks, that's a growth industry,' he said early this month during a speech at the Armed Forces Communications and Electronics Association MilCom '99 conference in Atlantic City, N.J.

Kelley attributed the increase in part to DOD's improved ability to detect and report attacks. 'We are getting a lot better at detecting attacks' using network sensors, he said in another recent speech, at the Army Information Assurance Conference (AIAC) in Arlington, Va.

Criminal, espionage and hacker attacks are generally more likely to occur, Kelley said, but they are less likely to cause serious damage to department systems than are state-sponsored and terrorist attacks.

DOD cyberattacks spiral

  • 1994............225
  • 1995............559
  • 1996............730
  • 1997............780
  • 1998............5,844
  • 1999............18,433

Having weathered spam attacks emanating from China and Serbian cyberattacks during Operation Allied Force, DOD officials are struggling to determine when offensive attacks are justified.

Still searching

'We haven't figured out all the solutions to the legal problems' that could result from attacking computers in foreign countries, said Brig. Gen. Marilyn A. Quagliotti, vice director of command, control, communications and computer systems on the Joint Chiefs of Staff, at the AIAC.

DOD's legal office has issued guidance about potential ramifications of cyberattacks.

Kelley said that although military commanders have more network sensor data at their disposal, incident assessments can be difficult.

'Is it a normal outage'did someone cut a cable?' he said. 'Is it a Y2K issue? Is it an information attack?'

Tighten it up

Network security needs to be tightly integrated with network management, Kelley said.

'Sensors can collect a lot of raw data. How do we get that data in a correlated way so there aren't more questions raised?' he said. 'The best computer system is useless if you don't put the right information into it.'

DOD officials must also pay close attention to the network sensor data they receive and scrutinize its source, he said.

'A printout from a computer takes a God-like stance when it's put in someone's hand. We need to pay attention to what's put into it,' Kelley said.''Rarely have we found that technology can solve all our problems.'

Kelley, who was a battalion commander during the Vietnam War, has made it clear that he wants Defense technology to support the warfighter.'But the stakes are high, Kelley said.

'I know with 100 percent certainty that this nation will face an information attack,' he said.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.