[ISN] DOD fights 'Net

From: InfoSec News (isn@private)
Date: Mon Jan 24 2005 - 01:39:49 PST


Forwarded from: William Knowles <wk@private>

http://www.fcw.com/fcw/articles/2005/0117/web-wolf-01-21-05.asp

By Frank Tiboni 
Jan. 21, 2005

The second-highest public official at the Pentagon considers computer
security so important to military operations that he sent a memo last
year to department leaders telling them they must "Fight the Net."

"Protection of DOD computer network systems is a key priority. Leaders
at every echelon must be personally involved in the defense and
protection of our computer networks," said Deputy Defense Department
Secretary Paul Wolfowitz in the memo, "DOD Network Defense."

The Pentagon's top information assurance official said Wolfowitz
issued the memorandum because he wants all department personnel who
use a computer to take a personal responsibility in protecting the
Global Information Grid, the network of DOD business and war-fighting
systems. "Everybody must understand the importance of practicing good
computer security," said Robert Lentz, director of information
assurance in the Office of the Assistant Secretary of Defense for
Networks and Information Integration and Chief Information Officer.

Wolfowitz offered five tips to improve computer security
department-wide:

* Employ information assurance best practices for proper network
  configurations.

* Use accepted password management practices.

* Minimize access privileges through need-to-know criteria.

* Increase awareness of cross-domain file transfer security
  procedures.

* Eliminate unauthorized use of readily exploitable software such as
  peer-to-peer file sharing and remote access applications.

In the two-page memo dated Aug. 15, he acknowledged the hacking of
military systems. "Recent exploits have reduced operational
capabilities on our networks," Wolfowitz said. "Failure to secure our
networks will weaken our war-fighting ability and potentially put
lives at risk."

He cited poor network management and vigilance as the culprit. "While
great strides have been made in a number of areas, we continue to be
negatively impacted when deficiencies in our information systems are
successfully exploited," Wolfowitz said. "In most cases, proper
vulnerability management would have prevented this."

Lentz declined comment on the hackings mentioned in the memo citing
operational concerns. "Take it [the memo] at face value," he said.
 
 

*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/



This archive was generated by hypermail 2.1.3 : Mon Jan 24 2005 - 07:52:59 PST