By Bob Brewin
March 29, 2007
The number of successful cyberattacks against Defense Department
networks and information systems declined from about 130 in January 2005
to about 40 in January 2007, Air Force Lt. Gen. Charles Croom, director
of the Defense Information Systems Agency, told a House Armed Services
Committee subcommittee hearing March 28.
In testimony to the House Terrorism, Unconventional Threats and
Capabilities Subcommittee, Croom said the decline in successful attacks
occurred at the same time DOD deterred increasingly large numbers of
attacks and probes against its information systems.
The number of what Croom called cyber incidents grew from 16,000 in 2004
to 23,000 in 2005 and 30,000 in 2006, he said, in addition to cyberscans
running about four times that number each year. But the majority of
those probes were unsuccessful attacks, he added.
DOD has also been able to reduce the number of computers hijacked to run
automated Internet attacks, Croom said. Although botnet activity on the
Internet increased about 110 percent between February 2005 and December
2006, the number of DOD computers used in botnet attacks declined 61
percent in the same period, he said.
The decline in the number of attacks against DOD information systems is
a result of improved computer configuration control and the use of
public-key infrastructure encryption for sign-ins and log-ons to DOD
computers and information systems, Croom said.
The department continues to spend heavily to protect its networks and
information systems, John Grimes, DOD's chief information officer and
assistant secretary of Defense for networks and information integration,
said at the hearing. DOD plans to spend $2.5 billion on information
assurance in fiscal 2008, Grimes said.