[ISN] Army cyber ops faces forensic backlog

From: InfoSec News <alerts_at_private>
Date: Thu, 21 Aug 2008 02:13:15 -0500 (CDT)

By Wyatt Kash

As the number of potential assaults on military information technology 
networks continues to escalate, so does the challenge of conducting 
forensic and attribution analysis in order to respond appropriately, 
said Col. Barry Hensley at the 2008 LandWarNet conference in Fort 
Lauderdale, Fla., this week.

"There are 360 million scans or attempted scans [per day] across the 
[Defense Department] network," said Hensley, director of the Army Global 
Network Operations and Security Center. But those scans are merely part 
of the noise that Army security specialists must deal with in analyzing 
a variety of incidents and potential assaults on military networks.

The difficulty, he said, is recognizing when an incident, like the 
accidental severing of undersea fiber optic cables in the Mediterranean 
Sea last year, is a disruption, a cyber attack or something more than a 
cyber attack.

One step toward improving responsiveness is "to know your network," 
Hensley said. He noted that 90 percent of the Army's LandWarNet network 
relies on undersea cable. But local land connections also present 
vulnerabilities, he said. He cited an incident where a garbage truck 
severed an overhead fiber cable, knocking out service for the Army's 
southern and northern continental command centers for nine hours.

