Network intrusions put net-centricity 'at risk'
- By Dawn S. Onley
- Aug 23, 2006
FORT LAUDERDALE, Fla.'There were more than 60 serious hits on Army networks between the start of fiscal 2006 and Aug. 5, according to service officials. Fifteen Army bases inside the United States were targeted in the incidents, and Army officials believe the intrusions came from perpetrators seeking to help foreign adversaries steal military information.
"Our belief is their motivation in Category 1 and Category 2 intrusions is to enable a foreign adversary to deny our president, Joint Chiefs of Staff (and military services) that network-centric warfare option," said Thomas Reardon, chief of the intelligence division with Army Network Enterprise Technology Command/9th Army Signal Command. "If we are going to bet the farm on network-centric operations and we allow those kinds of intrusions to persist, we're putting it all at risk."
During a session at the Army's LandWarNet Conference here, Reardon said DOD has established a new battle command lexicon to define the severity of various categories of network intrusions. Categories 1 and 2'the most severe'indicate "enemy incoming," Reardon said. "If someone can get in, they own your network. That should enrage a commander or a leader."
Categories 1 and 2 suggest that a hacker has penetrated to the administrative, or root, level, or that an unauthorized person has gained access to "non-privileged" information, Reardon said. At the other end of the lexicon, Categories 5 and 7 are caused by authorized military personnel who either installed malicious software such as Trojan horses or create a vulnerability through non-compliance behavior, such as failing to install a security patch.
There were more than 3,400 Category 5 events and over 2,700 Category 7 events from Oct. 1, 2005 until Aug. 5, 2006, Reardon said.
"We're seeing now commanders taking action about these things," Reardon said. "But it is not yet locked into Army doctrine."
A huge part of the issue is commercial software products because they have components that are built all over the world'even in countries that are adversarial to the United States.
But Microsoft's Vista operating system, due to begin release this fall, is the first to be built with security baked into the components from the start, said Craig Mundie, the company's chief research and strategy officer. Vista was the first product to be implemented under Microsoft's Trustworthy Computing Initiative, a plan to build security, privacy and reliability'among other capabilities'into components.
"Every component is hardened," said Mundie. "The BitLocker Drive Encryption fully encrypts the entire Vista volume and prevents unauthorized disclosure of data. When it is at rest, it protects your Vista systems, even in unauthorized hands."
Still, Reardon isn't convinced.
"Craig said Microsoft's Vista was the first operating system that has security built in from Day 1. Then you look at some of the places they are getting their stuff to do that," Reardon said, referring to foreign countries that manufacture computer parts and components.
However, a working group inside the DOD is looking at ways to mitigate the cybersecurity threats, Reardon said, and to expand on the National Industrial Security Program Operating Manual, a guidance that puts restrictions on classified contracts, but not specifically information technology. "NETCOM is trying to get the working group to extend the definition" to anyone doing work that connects to the DOD's Global Information Grid.
"It is national policy that we use foreign vendors if it is to the benefit of the federal government," Reardon added. "It's not a question that we're going to stop using this stuff, because we cannot. We just have to mitigate the risks."