Army layers security blankets to guard nets
- By Dawn S. Onley
- May 03, 2002
Shortly after a military surveillance plane collided with a Chinese fighter last April, a two-week 'cyberwar' began, and Army Web sites took numerous hits.
More than 50 Web pages were defaced by an automated attack launched by supporters or agents of the People's Republic of China. The hackers placed anti-American sentiments in English and Chinese characters on some of the sites.
But most of the attacks could have been prevented if published fixes, identified in Information Assurance Vulnerability Alerts, were in place on the hacked machines, said Lt. Col. John Quigg, chief of the Army's network security improvement program in the service's chief information office.
An IAVA is a digital list of computer vulnerabilities. They are reported monthly to the chairman of the Joint Chiefs of Staff, Quigg said. The alerts are also posted on Army networks and warn of basic security measures needed to ward off viruses, worms or hackers.
'The idea is to focus everyone's attention on the most likely attacks and use scanning technology to check the computers,' Quigg said. 'Getting these tools in place helps us to see the networks and get a little more proactive in defending them.'
Since last spring, the Army has taken a serious look at how its networks are secured, according to senior officials. And the scrutiny has produced some insights, they said.
Sensitivity filter
Last fall, the Army started a Web Risk Assessment Cell of about 30 people to identify sensitive content on public Web sites that include data on Army operations. Quigg said the team, made up of contractors and Army personnel, uses keyword searches to locate sensitive Army information on public IP addresses. When the data is found, the team decides whether to edit or remove it.
The Army got the idea from the Defense Department. Two years ago, DOD established its own risk assessment cell to monitor Defense Web sites for vulnerabilities that could compromise military operations if retrieved by hackers.
Since Sept. 11, the critical protection of Army networks escalated another notch, to the force protection level, Quigg said. System administrators now brief the Army chief of staff every morning on all intrusions that occur. Since the war on terrorism began, there is greater emphasis on decreasing cyberthreats by adding layers of security.
For instance, each Army installation now has at least one information security employee on staff. In March the Army conducted a weeklong information assurance awareness campaign to educate soldiers on steps to take to protect computer systems.
'The important issue is to make our computer users aware of the procedures and security issues,' said Lt. Col. Thaddeus Dmuchowski, director of the Army's Information Assurance Office. 'It is key that everyone understand that cyberwarfare is an on-going threat.'
Last month, the Army awarded Harris Corp. a multimillion-dollar contract to protect its global networks.
The Melbourne, Fla., company will install its Security Threat Avoidance Technology Scanner vulnerability assessment software on more than 1.5 million Army systems and will provide maintenance for three years.
STAT Scanner searches for vulnerabilities in strategic and tactical networks at both active and reserve units. The software shows systems administrators a comprehensive analysis of vulnerabilities and risk levels, Quigg said.
STAT Scanner works with the vulnerability alerts, Quigg added. The software runs on Microsoft Windows NT, Win 2000, XP, Linux and Sun Solaris platforms and can repair some vulnerabilities.
The efforts reduced the percentage of successful attacks, even as the Army continues to see an increase in attempts by hackers to breach systems.
In 2000, one in every 86 attacks on Army computer networks succeeded. Last year, only one attack in 149 was successful.