[ISN] DOD leaders mull Internet Disconnect

From: cult hero (jerichoat_private)
Date: Mon Apr 19 1999 - 12:45:18 PDT

  • Next message: cult hero: "[ISN] SpookTech 99 - The Digital Detective Workshop"

    Forwarded From: Erik Parker <netmaskat_private>
    Hammered by relentless hacker attacks against its unclassified network for
    years, the Defense Department may back away from using the Internet, which
    it invented, in favor of relying on intranet enclaves, according to a top
    Army official. 
    Lt. Gen. William Campbell, Army director of information systems for
    command, control and communications, who last year ordered all Army World
    Wide Web sites shut down pending a security review of their contents, said
    last week that all military networks connected to the Internet are
    "inherently vulnerable.... We don't have a prayer or a hope of defending
    ourselves unless we move large portions of the '.mil' [domain] onto a
    protected network" such as an intranet not connected to the Internet. 
    Campbell, speaking at a conference sponsored by the Association of the
    United States Army and the Association of Old Crows, suggested that DOD
    move its electronic commerce networks and publicly accessible Web sites to
    the ".com" domain, which is used by businesses. 
    The vulnerability of DOD networks has captured the attention of senior
    members of all four armed services as well as DOD, Campbell said. "We
    would be remiss if we left these network connections out there," he said. 
    "We need sufficient protection so no one can get into our networks and
    damage the defense of the United States." 
    To handle its most sensitive traffic, DOD uses its Secret Internet
    Protocol Router Network, an intranet-like global network. Much of DOD's
    day-to-day business -- including logistics, personnel and pay -- is
    conducted on the Non-Classified Internet Protocol Router Network, which is
    connected to the Internet and looms as a DOD electronic Achilles' heel,
    Campbell said. 
    "The openness of these networks makes us vulnerable to attacks by a
    hostile agent," Campbell said. "Vulnerabilities are of such a magnitude
    that to ignore them would be a dereliction of duty." 
    Detected hacker attacks against DOD worldwide unclassified networks occur
    at a rate of 250,000 a year -- plus an untold number of undetected
    attacks, according to Air Force Maj. Gen. John "Soup" Campbell, director
    of the recently formed Joint Task Force for Computer Network Defense. 
    Speaking at the AUSA/Old Crows conference, the Air Force's Campbell said
    these attacks threaten DOD's "basic logistics systems which run on the
    Philip Loranger, a civilian Army official who works for the Army's
    Campbell as chief of the service's Command and Control Protect Division,
    said the number of publicly accessible Web sites the Army operates poses a
    security risk. "We still have more public Web pages than necessary," he
    Loranger said the Army continues to shut down Web sites for security
    reasons. He recently closed to the public the Army's information assurance
    Web site. "In our zealousness to share information [with the American
    public], we are disclosing targeting information" that a terrorist or
    enemy state could use, Loranger said. 
    John Hamre, deputy secretary of Defense, sounded a cautionary note about
    security vulnerabilities posed by the information posted on DOD Web sites
    and the ability of hackers to exploit the connections. But he warned that
    "we are far too connected to unplug ourselves [from the Web]." 
    Hamre added that the Pentagon made a mistake in turning control of its Web
    activities over to its public relations department without considering
    security risks. The Pentagon has made strides in the past two years in
    terms of securing its critical information infrastructure, Hamre said. 
    "The foundation is in place, but it is a dramatically more complicated
    Hamre believes that vendors' e-commerce practices present a scenario ripe
    for exploitation. 
    "The best way to attack the U.S. is to become someone's customer," he
    said. "They'll give you the software" to enter sensitive systems, with few
    checks and balances imposed on the distribution or use of that software. 
    Tactical battlefield networks under development by the Army and Marines to
    support operations on future digitized battlefields have vulnerabilities,
    according to Maj. Gen. Robert Nabors, commander of the Army's
    Communications-Electronics Command. Army tactical battlefield networks,
    Nabors said, "do not have the bandwidth to handle commercial [information
    assurance] tools." 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Hacker News Network [www.hackernews.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:22:33 PDT