By Dawn S. Onley
Foreign adversaries are targeting military networks, hoping to gain
information that could threaten network-centric operations, Army
There were more than 60 serious hits on Army networks between the start
of fiscal 2006 and Aug. 5, according to service officials. Fifteen Army
bases inside the United States were targeted in the incidents, and Army
officials believe the intrusions are coming from perpetrators who seek
to help foreign adversaries steal military information.
"Our belief is their motivation in Category 1 and Category 2 intrusions
is to enable a foreign adversary to deny our president, Joint Chiefs of
Staff (and military services) that network-centric warfare option," said
Thomas Reardon, chief of the intelligence division with Army Network
Enterprise Technology Command/9th Army Signal Command.
"If we are going to bet the farm on network-centric operations and we
allow those kinds of intrusions to persist, were putting it all at
During a session at the Armys LandWarNet Conference last week in Fort
Lauderdale, Fla., Reardon said DOD has established a new battle command
lexicon to define the severity of various categories of network
intrusions. Categories 1 and 2 -- the most severe -- indicate enemy
incoming, Reardon said. "If someone can get in, they own your network.
That should enrage a commander or a leader."
Categories 1 and 2 suggest that a hacker has penetrated to the
administrative or root level, or that an unauthorized person has gained
access to "nonprivileged" information, Reardon said.
At the other end of the lexicon, Categories 5 and 7 are caused by
authorized military personnel who either installed malicious software
such as Trojan horses or created a vulnerability through noncompliance,
such as failing to install a security patch.
There were more than 3,400 Category 5 events and over 2,700 Category 7
events from Oct. 1, 2005, until Aug. 5, 2006, Reardon said.
"We're seeing now commanders taking action about these things," Reardon
said. But it is not yet locked into Army doctrine.
At issue are commercial software products, which have components that
are built all over the world -- even in countries that are adversarial
to the United States.
Agencies could get some help by migrating to Microsoft Vista operating
system, due to begin release this fall, which is the first to be built
with security baked into the components from the start, said Craig
Mundie, the companys chief research and strategy officer. Vista was the
first product to be implemented under Microsofts Trustworthy Computing
Initiative, a plan to build security, privacy and reliability -- among
other capabilities -- into components.
"Every component is hardened," Mundie said. "The BitLocker Drive
Encryption fully encrypts the entire Vista volume and prevents
unauthorized disclosure of data. When it is at rest, it protects your
Vista systems, even in unauthorized hands." Still, Reardon isnt
"Craig said Microsoft's Vista was the first operating system that has
security built in from Day 1. Then you look at some of the places they
are getting their stuff to do that," Reardon said, referring to foreign
countries that manufacture computer parts and components.
However, a working group inside DOD is looking at ways to mitigate the
cybersecurity threats, Reardon said, and to expand on the National
Industrial Security Program Operating Manual, a guidance that puts
restrictions on classified contracts, but not specifically information
technology. "NETCOM is trying to get the working group to extend the
definition" to anyone doing work that connects to DODs Global
"It is national policy that we use foreign vendors if it is to the
benefit of the federal government," Reardon added. "Its not a question
that were going to stop using this stuff, because we cannot. We just
have to mitigate the risks."
HITBSecConf2006 - Malaysia
The largest network security event in Asia
32 internationally renowned speakers
7 tracks of hands-on technical training sessions.
Register now: http://conference.hitb.org/hitbsecconf2006kl/