Forwarded From: William Knowles <erehwonat_private> http://www.usatoday.com/life/cyber/tech/cte684.htm WASHINGTON (AP) [3.22.99] - The military's key communications infrastructure linking combat, intelligence and command forces is dangerously vulnerable to attacks from cyberspace and requires urgent changes in Defense Department policy, said a study released Monday. The Command, Control, Communications, Computers and Intelligence systems, known as C4I, is compromised by security problems and also by a military culture prone to treating such problems as a lesser priority, the National Research Council reported. ''The rate at which information systems are being relied on outstrips the rate at which they are being protected,'' it said. ''The time needed to develop and deploy effective defenses in cyberspace is much longer than the time required to develop and mount an attack.'' Despite evidence of security lapses in C4I -- which handles communications and warning tasks all along the chain of command -- the Pentagon's ''words regarding the importance of information systems security have not been matched by comparable action,'' the report said. ''Troops in the field did not appear to take the protection of their C4I systems nearly as seriously as they do other aspects of defense,'' said the report, which Congress ordered the Pentagon to commission in 1995. The council is an independent organization chartered by Congress to advise the government. The report indicated the problems were due more to the Pentagon's management of the systems than to the technology itself. It cited C4I workers' lack of stature compared with traditional combat forces, compatibility problems between the services and a need for more budget flexibility on the matter from both the Defense Department and Congress. In a statement, the Pentagon acknowledged that the U.S. military's strength ''is our information technology,'' and that ''our dependence on such assets, which may be subject to malicious attack, makes information technology our weakness as well.'' It said that as the council's report was being prepared, the Defense Department had already improved protection against computer attack by implementing new programs, establishing a joint task force for computer defense and expanding training of its information technology personnel. But Kenneth Allard, an analyst who has written about C4I, said its weaknesses are in part the fault of ''Industrial Age'' military acquisition policies -- applying to computers as well as tanks, ships and aircraft -- that give the services their own procurement duties. Ships and tanks may perform different tasks, he said, but the Army, Navy and other services need a single-standard computer system. ''Twenty-first century combat is the war of the databases, in which information flows must go from the foxhole to the White House and back down again,'' said Allard, a former Army colonel and analyst at the Center for Strategic and International Studies who had not yet read the council's report. The report recommended: Making C4I a greater budget priority in defense spending, with a flexibility that can ''exploit unanticipated advances in C4I technology.'' Designating an organization responsible for providing direct defensive operational support to commanders. Funding a program to conduct frequent, unannounced penetration testing of C4I systems. Ensuring that programs are operable even if one part has been penetrated by an adversary. Emphasizing the importance of information technology in the military leadership. Establishing an Institute for Military Information Technology, possibly as part of an existing body. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Hacker News Network [www.hackernews.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:21:25 PDT