IP: GAO report criticizes DoD SBU computer security

[Dave Farber <farber () central cis upenn edu>]

Date: Thu, 23 May 96 07:43:38 EDT
From: landwehr () itd nrl navy mil (Carl Landwehr)
To: farber () central cis upenn edu


For IP list, if you think it of interest.  I suspect newspapers may
carry reports today.  I wrote this item for the IEEE Cipher newsletter, at
http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher
from the CSPAN2 rebroadcast.
--Carl Landwehr


[22 May 1996] Testifying before the Senate Governmental Affairs Committee,
General Accounting Office (GAO) representatives Keith Rhodes and Jack Brock 
released a report criticizing security in DoD computer systems holding
sensitive but unclassified (SBU) information.  According to the testimony, 
the DoD estimated that these systems are subjected to a total of about 
250,000 "probes" each year, although this number was acknowledged to be 
only a guess.  The testimony indicated that about 65% of in-house attempts 
to penetrate these systems succeeded (a somewhat lower fraction than 
previously reported), that only a small fraction of these penetrations 
were detected, and that a similarly small fraction of detected penetrations 
were reported.  The report calls for improved training of system 
administrators and other measures to improve the security of these systems.  
The report was said to be available at the http://www.gao.gov/>GAO 
web site, but at this writing (22 May), the site was not responding to 
attempts to gain access to it.  


Jim Christy of the Air Force Office of Special Investigations described 
an intrusion in spring 1994 into the Air Force Rome Laboratory's
computer systems about two years ago by a 16-year old
UK youth known as "Datastream," who was apprehended. Another hacker
involved, known as "Kuji" who was never located.  The reported
cost of recovering from the intrustion was about $500,000.  Planned testimony 
by Cliff Stoll, Peter Neumann, and Robert Anderson was postponed when
committee members had to return to the Senate floor to vote.