[ISN] Network intrusions put net-centricity "at risk"

From: InfoSec News (alerts@private)
Date: Wed Aug 23 2006 - 22:29:30 PDT


http://www.gcn.com/online/vol1_no1/41768-1.html

By Dawn S. Onley
GCN Staff
08/23/06

FORT LAUDERDALE, Fla. - There were more than 60 serious hits on Army
networks between the start of fiscal 2006 and Aug. 5, according to
service officials. Fifteen Army bases inside the United States were
targeted in the incidents, and Army officials believe the intrusions
came from perpetrators seeking to help foreign adversaries steal
military information.

"Our belief is their motivation in Category 1 and Category 2
intrusions is to enable a foreign adversary to deny our president,
Joint Chiefs of Staff (and military services) that network-centric
warfare option," said Thomas Reardon, chief of the intelligence
division with Army Network Enterprise Technology Command/9th Army
Signal Command. "If we are going to bet the farm on network-centric
operations and we allow those kinds of intrusions to persist, we're
putting it all at risk."

During a session at the Army's LandWarNet Conference here, Reardon
said DOD has established a new battle command lexicon to define the
severity of various categories of network intrusions. Categories 1 and
2 - the most severe - indicate "enemy incoming," Reardon said. "If
someone can get in, they own your network. That should enrage a
commander or a leader."

Categories 1 and 2 suggest that a hacker has penetrated to the
administrative, or root, level, or that an unauthorized person has
gained access to "non-privileged" information, Reardon said. At the
other end of the lexicon, Categories 5 and 7 are caused by authorized
military personnel who either installed malicious software such as
Trojan horses or created a vulnerability through non-compliance
behavior, such as failing to install a security patch.

There were more than 3,400 Category 5 events and over 2,700 Category 7
events from Oct. 1, 2005 until Aug. 5, 2006, Reardon said.

"We're seeing now commanders taking action about these things,"  
Reardon said. "But it is not yet locked into Army doctrine."

A huge part of the issue is commercial software products because they
have components that are built all over the world - even in countries
that are adversarial to the United States.

But Microsoft's Vista operating system, due to begin release this
fall, is the first to be built with security baked into the components
from the start, said Craig Mundie, the company's chief research and
strategy officer. Vista was the first product to be implemented under
Microsoft's Trustworthy Computing Initiative, a plan to build
security, privacy and reliability - among other capabilities - into
components.

"Every component is hardened," said Mundie. "The BitLocker Drive
Encryption fully encrypts the entire Vista volume and prevents
unauthorized disclosure of data. When it is at rest, it protects your
Vista systems, even in unauthorized hands."

Still, Reardon isn't convinced.

"Craig said Microsoft's Vista was the first operating system that has
security built in from Day 1. Then you look at some of the places they
are getting their stuff to do that," Reardon said, referring to
foreign countries that manufacture computer parts and components.

However, a working group inside the DOD is looking at ways to mitigate
the cybersecurity threats, Reardon said, and to expand on the National
Industrial Security Program Operating Manual, a guidance that puts
restrictions on classified contracts, but not specifically information
technology. "NETCOM is trying to get the working group to extend the
definition" to anyone doing work that connects to the DOD's Global
Information Grid.

"It is national policy that we use foreign vendors if it is to the
benefit of the federal government," Reardon added. "It's not a
question that we're going to stop using this stuff, because we cannot.  
We just have to mitigate the risks."





