[ISN] For the military, networks are a critical line of defense

From: InfoSec News (alerts@private)
Date: Tue Aug 29 2006 - 00:05:36 PDT


http://www.gcn.com/print/25_26/41800-1.html

By Dawn S. Onley
GCN Staff
08/28/06 issue

Foreign adversaries are targeting military networks, hoping to gain 
information that could threaten network-centric operations, Army 
officials said.

There were more than 60 serious hits on Army networks between the start 
of fiscal 2006 and Aug. 5, according to service officials. Fifteen Army 
bases inside the United States were targeted in the incidents, and Army 
officials believe the intrusions are coming from perpetrators who seek 
to help foreign adversaries steal military information.

"Our belief is their motivation in Category 1 and Category 2 intrusions 
is to enable a foreign adversary to deny our president, Joint Chiefs of 
Staff (and military services) that network-centric warfare option," said 
Thomas Reardon, chief of the intelligence division with Army Network 
Enterprise Technology Command/9th Army Signal Command.

"If we are going to bet the farm on network-centric operations and we 
allow those kinds of intrusions to persist, we're putting it all at 
risk."

During a session at the Army's LandWarNet Conference last week in Fort 
Lauderdale, Fla., Reardon said DOD has established a new battle command 
lexicon to define the severity of various categories of network 
intrusions. Categories 1 and 2 -- the most severe -- indicate enemy 
incoming, Reardon said. "If someone can get in, they own your network. 
That should enrage a commander or a leader."

Categories 1 and 2 suggest that a hacker has penetrated to the 
administrative or root level, or that an unauthorized person has gained 
access to "nonprivileged" information, Reardon said.

At the other end of the lexicon, Categories 5 and 7 are caused by 
authorized military personnel who either installed malicious software 
such as Trojan horses or created a vulnerability through noncompliance, 
such as failing to install a security patch.

There were more than 3,400 Category 5 events and over 2,700 Category 7 
events from Oct. 1, 2005, until Aug. 5, 2006, Reardon said.

"We're seeing now commanders taking action about these things," Reardon 
said. But it is not yet locked into Army doctrine.

At issue are commercial software products, which have components that 
are built all over the world -- even in countries that are adversarial 
to the United States.

Agencies could get some help by migrating to the Microsoft Vista 
operating system, due to begin release this fall, which is the first to 
be built with security baked into its components from the start, said 
Craig Mundie, the company's chief research and strategy officer. Vista 
was the first product to be implemented under Microsoft's Trustworthy 
Computing Initiative, a plan to build security, privacy and reliability 
-- among other capabilities -- into components.

"Every component is hardened," Mundie said. "The BitLocker Drive 
Encryption fully encrypts the entire Vista volume and prevents 
unauthorized disclosure of data. When it is at rest, it protects your 
Vista systems, even in unauthorized hands." Still, Reardon isn't 
convinced.

"Craig said Microsoft's Vista was the first operating system that has 
security built in from Day 1. Then you look at some of the places they 
are getting their stuff to do that," Reardon said, referring to foreign 
countries that manufacture computer parts and components.

Working group

However, a working group inside DOD is looking at ways to mitigate the 
cybersecurity threats, Reardon said, and to expand on the National 
Industrial Security Program Operating Manual, guidance that places 
restrictions on classified contracts but not specifically on information 
technology. "NETCOM is trying to get the working group to extend the 
definition" to anyone doing work that connects to DOD's Global 
Information Grid.

"It is national policy that we use foreign vendors if it is to the 
benefit of the federal government," Reardon added. "It's not a question 
that we're going to stop using this stuff, because we cannot. We just 
have to mitigate the risks."




