Defense reopens public Web sites
Defense reopens public Web sites
- By Dawn S. Onley
- Sep 20, 2001
After suspending access, DOD upgrades routers as a precaution against Code Red virus
'We could selectively turn on the IP addresses to allow critical information to flow,' during the virus attack, DISA chief Harry Raduege said.
The Defense Department reopened public access to all of its Web sites earlier this month after weeks of patching systems and upgrading routers that were vulnerable to the Code Red worm.
For four days in mid-July, DOD shut down public access to most .mil
sites. The sites were reopened temporarily, but most of the department's sites were again closed to the public throughout last month because the virus struck again, said Maj. Barry Venable, spokesman for the Space Command in Colorado Springs, Colo., which monitors Defense networks.
Code Red is known for its ability to mutate and strike vulnerable systems. The virus can deface Web sites and slow down performance.
DOD blocked public access as long as it did for a reason, Venable said. 'We found that, depending on the traffic, it flooded your routers,' he said, adding that authorized government users had full access to Defense Web sites and the Internet during the shutdown.
'We upgraded the routers at the gateways to continue to work through despite the worm's presence,' he said.
The Joint Taskforce for Computer Network Operations, which is assigned to the Space Command, made the decision to suspend public access.
At the recent Air Force IT Conference in Montgomery, Ala., an employee asked whether the shutdown stalled business transactions in DOD. Gen. Harry Raduege, head of the Defense Information Systems Agency, said that it did not. He said the move was unavoidable, but critical business transactions still took place.
DISA operates 13 gateways where the Non-Classified IP Router Network connects to the Internet.
'We could selectively turn on IP addresses to allow critical information to flow,' Raduege said.
During the attacks, DISA's central processing units started to fill up to 80 percent to 90 percent of load capacity, Raduege said. They normally operate at about 10 percent.
'We were being shut down by Code Red,' Raduege said. 'This is warfare out there on the Net.'
DISA could have left the central units open 'to see how long it took for us to come crashing down,' Raduege said, but the task force opted to halt public access.
The decision limited damage to servers, Venable said: Of DOD's 10,000 networks and 2.5 million computers, the department registered only 250 infections. He said the virus affected some systems and interrupted some network services, but that the damage was minimal. He added that the affected systems have since been patched and repaired.
'It was really done as a precaution,' he said. 'We regret the inconvenience, but at the same time the NIPRnet, which is the command and control system for DOD, was up and running throughout this.'New cyberstyle
At a recent Pentagon press conference, DOD's new CIO, John P. Stenbit, noted the difference in the way the Pentagon now deals with computer security threats such as Code Red.
'The comparison with how the Pentagon deals with that kind of problem today compared with three or four years ago is enormously more positive,' Stenbit said. 'That is a good thing, because it is enormously more dangerous these days.'
The impact of Code Red on DOD systems pales in comparison with the effect on the commercial world, Raduege said.
One of the virus' intended targets was the White House Web site, according to network protection company eEye Digital Security of Aliso Viejo, Calif. But a White House team eluded the attack.