[ISN] Successful cyberattacks against DOD drop

From: InfoSec News (alerts@private)
Date: Thu Mar 29 2007 - 22:37:22 PST


By Bob Brewin
March 29, 2007

The number of successful cyberattacks against Defense Department 
networks and information systems declined from about 130 in January 2005 
to about 40 in January 2007, Air Force Lt. Gen. Charles Croom, director 
of the Defense Information Systems Agency, told a House Armed Services 
Committee subcommittee hearing March 28.

In testimony to the House Terrorism, Unconventional Threats and 
Capabilities Subcommittee, Croom said the decline in successful attacks 
occurred at the same time DOD deterred increasingly larger numbers of 
attacks and probes against its information systems.

The number of what Croom called cyber incidents grew from 16,000 in 2004 
to 23,000 in 2005 and 30,000 in 2006, he said, in addition to cyberscans 
running about four times that number each year. But the majority of 
those probes were unsuccessful attacks, he added.

DOD has also been able to reduce the number of computers hijacked to run 
automated Internet attacks, Croom said. Although botnet activity on the 
Internet increased about 110 percent between February 2005 and December 
2006, the number of DOD computers used in botnet attacks declined 61 
percent in the same period, he said.

The decline in the number of attacks against DOD information systems is 
a result of improved computer configuration control and the use of 
public-key infrastructure encryption for sign-ins and log-ons to DOD 
computers and information systems, Croom said.

The department continues to spend heavily to protect its networks and 
information systems, John Grimes DODs chief information officer and 
assistant secretary of Defense for networks and information integration, 
said at the hearing. DOD plans to spend $2.5 billion on information 
assurance in fiscal 2008, Grimes said.

Visit the InfoSec News Security Bookstore

This archive was generated by hypermail 2.1.3 : Thu Mar 29 2007 - 22:52:57 PST