Army official warns that hackers could infiltrate battlefield

[InfoSec News <isn () c4i org>]

http://www.govexec.com/dailyfed/0402/040202td1.htm

By Molly M. Peterson 
National Journal's Technology Daily 
April 2, 2002 

NEWPORT, R.I. -- Noting that a cyberterrorist attack could have grave
consequences on the battlefield, the Army's top information security
officer said Tuesday that the military must take a more proactive
approach to defending its critical information systems.

"It is conceivable, in theory, for a hacker sitting in his easy chair
to get inside a tank," Col. Thaddeus Dmuchowski, director of the
Army's Information Operations Assurance Office, said during a
conference sponsored by the National High Performance Computing &
Communications Council.

"We can't wait for the next attack to happen," Dmuchowski said. "We
have to be proactive. And in order to be proactive, we have to have as
much imagination as those who would do us harm."

Dmuchowski's imagination prompted him to stop all simulation exercises
about two weeks ago, when he learned that the Army was accessing its
simulation software--which replicates potential battlefield
situations--through an unclassified network.

If imaginative, tech-savvy adversaries had hacked into that network,
Dmuchowski said, they could have gleaned crucial data about the Army's
combat strategies, and figured out how to cripple critical
communications systems. "What good is your test and evaluation, if the
day you deploy for real, you come to a grinding halt?" he said.

Dmuchowski said cyber attacks against the Army's critical systems are
rising dramatically each year. In fiscal 2001, there were 14,641
incidents--or attempted break-ins--and 98 actual intrusions, or
successful attacks. By contrast, in fiscal 2000, there were 5,516
incidents and 64 intrusions.

But he noted that the vast majority of those intrusions were
preventable. "Ninety-eight percent of all intrusions are against known
vulnerabilities that should have been fixed," Dmuchowski said.

In an effort to eliminate those vulnerabilities, the Army is
modernizing its entire communications security infrastructure. "We're
trying to build a more robust system," Dmuchowski said. "But we need
more people, and the hardware's got to be updated. And there are some
big costs to that."

The Army also is taking steps to strengthen its information technology
workforce through college internships, advanced degree scholarship
programs for service members, and other training and education
programs. "Academia is where we get the proactiveness we need to stay
ahead of the bad guys," Dmuchowski said. "So we're spending a lot of
time doing that."

The Army also is spending a lot of time patching existing weak spots
in its critical networks, only to see new ones show up almost
immediately.

"Fortunately, we're finally getting there," Dmuchowski said. "But
we're still playing catch-up."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.