[ISN] Army official warns that hackers could infiltrate battlefield

From: InfoSec News (isnat_private)
Date: Wed Apr 03 2002 - 23:15:52 PST

  • Next message: InfoSec News: "[ISN] Army security expert emphasizes vigilance and training"

    http://www.govexec.com/dailyfed/0402/040202td1.htm
    
    By Molly M. Peterson 
    National Journal's Technology Daily 
    April 2, 2002 
    
    NEWPORT, R.I. -- Noting that a cyberterrorist attack could have grave
    consequences on the battlefield, the Army's top information security
    officer said Tuesday that the military must take a more proactive
    approach to defending its critical information systems.
    
    "It is conceivable, in theory, for a hacker sitting in his easy chair
    to get inside a tank," Col. Thaddeus Dmuchowski, director of the
    Army's Information Operations Assurance Office, said during a
    conference sponsored by the National High Performance Computing &
    Communications Council.
    
    "We can't wait for the next attack to happen," Dmuchowski said. "We
    have to be proactive. And in order to be proactive, we have to have as
    much imagination as those who would do us harm."
    
    Dmuchowski's imagination prompted him to stop all simulation exercises
    about two weeks ago, when he learned that the Army was accessing its
    simulation software--which replicates potential battlefield
    situations--through an unclassified network.
    
    If imaginative, tech-savvy adversaries had hacked into that network,
    Dmuchowski said, they could have gleaned crucial data about the Army's
    combat strategies, and figured out how to cripple critical
    communications systems. "What good is your test and evaluation, if the
    day you deploy for real, you come to a grinding halt?" he said.
    
    Dmuchowski said cyber attacks against the Army's critical systems are
    rising dramatically each year. In fiscal 2001, there were 14,641
    incidents--or attempted break-ins--and 98 actual intrusions, or
    successful attacks. By contrast, in fiscal 2000, there were 5,516
    incidents and 64 intrusions.
    
    But he noted that the vast majority of those intrusions were
    preventable. "Ninety-eight percent of all intrusions are against known
    vulnerabilities that should have been fixed," Dmuchowski said.
    
    In an effort to eliminate those vulnerabilities, the Army is
    modernizing its entire communications security infrastructure. "We're
    trying to build a more robust system," Dmuchowski said. "But we need
    more people, and the hardware's got to be updated. And there are some
    big costs to that."
    
    The Army also is taking steps to strengthen its information technology
    workforce through college internships, advanced degree scholarship
    programs for service members, and other training and education
    programs. "Academia is where we get the proactiveness we need to stay
    ahead of the bad guys," Dmuchowski said. "So we're spending a lot of
    time doing that."
    
    The Army also is spending a lot of time patching existing weak spots
    in its critical networks, only to see new ones show up almost
    immediately.
    
    "Fortunately, we're finally getting there," Dmuchowski said. "But
    we're still playing catch-up."
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Apr 04 2002 - 02:09:48 PST