[ISN] Military computers vulnerable

From: mea culpa (jerichoat_private)
Date: Tue Mar 23 1999 - 03:58:54 PST

  • Next message: mea culpa: "[ISN] REVIEW: "Information Warfare and Security", Dorothy Denning"

    Forwarded From: William Knowles <erehwonat_private>
    WASHINGTON (AP) [3.22.99] - The military's key communications
    infrastructure linking combat, intelligence and command forces is
    dangerously vulnerable to attacks from cyberspace and requires urgent
    changes in Defense Department policy, said a study released Monday. 
    The Command, Control, Communications, Computers and Intelligence systems,
    known as C4I, is compromised by security problems and also by a military
    culture prone to treating such problems as a lesser priority, the National
    Research Council reported.
    ''The rate at which information systems are being relied on outstrips the
    rate at which they are being protected,'' it said. ''The time needed to
    develop and deploy effective defenses in cyberspace is much longer than
    the time required to develop and mount an attack.''
    Despite evidence of security lapses in C4I -- which handles communications
    and warning tasks all along the chain of command -- the Pentagon's ''words
    regarding the importance of information systems security have not been
    matched by comparable action,'' the report said. 
    ''Troops in the field did not appear to take the protection of their C4I
    systems nearly as seriously as they do other aspects of defense,'' said
    the report, which Congress ordered the Pentagon to commission in 1995. The
    council is an independent organization chartered by Congress to advise the
    The report indicated the problems were due more to the Pentagon's
    management of the systems than to the technology itself. It cited C4I
    workers' lack of stature compared with traditional combat forces,
    compatibility problems between the services and a need for more budget
    flexibility on the matter from both the Defense Department and Congress. 
    In a statement, the Pentagon acknowledged that the U.S.  military's
    strength ''is our information technology,'' and that ''our dependence on
    such assets, which may be subject to malicious attack, makes information
    technology our weakness as well.''
    It said that as the council's report was being prepared, the Defense
    Department had already improved protection against computer attack by
    implementing new programs, establishing a joint task force for computer
    defense and expanding training of its information technology personnel. 
    But Kenneth Allard, an analyst who has written about C4I, said its
    weaknesses are in part the fault of ''Industrial Age'' military
    acquisition policies -- applying to computers as well as tanks, ships and
    aircraft -- that give the services their own procurement duties. 
    Ships and tanks may perform different tasks, he said, but the Army, Navy
    and other services need a single-standard computer system. 
    ''Twenty-first century combat is the war of the databases, in which
    information flows must go from the foxhole to the White House and back
    down again,'' said Allard, a former Army colonel and analyst at the Center
    for Strategic and International Studies who had not yet read the council's
    The report recommended: 
    Making C4I a greater budget priority in defense spending, with a
    flexibility that can ''exploit unanticipated advances in C4I technology.''
    Designating an organization responsible for providing direct defensive
    operational support to commanders. 
    Funding a program to conduct frequent, unannounced penetration testing of
    C4I systems. 
    Ensuring that programs are operable even if one part has been penetrated
    by an adversary. 
    Emphasizing the importance of information technology in the military
    Establishing an Institute for Military Information Technology, possibly as
    part of an existing body. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Hacker News Network [www.hackernews.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:21:25 PDT