[ISN] DOD needs cyberattack authority

From: mea culpa (jerichoat_private)
Date: Thu Apr 01 1999 - 23:31:56 PST

  • Next message: mea culpa: "[ISN] Free SANS Web Briefing: IDNET"

    Forwarded From: Simon Taplin <stickerat_private>
    Report: DOD needs cyberattack authority
    BY BOB BREWIN (antennaat_private)
    The Pentagon should consider changes to policies that currently prohibit
    the Defense Department from mounting a counter cyberattack if its
    computers are attacked, the National Research Council recommended in a
    report released today.
    In its report on DOD command and control systems and policies, the NRC
    said existing laws and policies prohibit DOD from "taking retaliatory
    action against a hacker in peacetime" and put "responsibility for
    apprehending and prosecuting a hacker in the hands of civilian law
    enforcement agencies."
    This results in a "passive defense posture," the NRC report said,
    "determined to fail against a determined hacker...because adversaries pay
    no price for unsuccessful attacks and make reported attempts to breach
    systems security until they succeed." 
    The NRC report, "Realizing the Potential of C4I: Fundamental Challenges,"
    sharply criticized DOD systems protection efforts, saying the Pentagon has
    fallen behind "in a race to protect computer information systems that are
    increasingly critical to military operations."
    The report said site visits to troops in the field revealed that they "do
    not appear to take protection of computer information systems as seriously
    as they do other aspects of defense." The site visits also uncovered
    "security practices that were far inferior to the best commercial
    practices for information systems protection, or the best security
    practices of DOD." 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Hacker News Network [www.hackernews.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:21:38 PDT