Army Layers Security Blankets To Guard Networks

[InfoSec News <isn () c4i org>]

http://www.newsbytes.com/news/02/176400.html

By Dawn S Onley, Government Computer News
TEMPE, ARIZONA, U.S.A.,
06 May 2002, 12:43 PM CST
 
Shortly after a military surveillance plane collided with a Chinese 
fighter last April, a two-week "cyberwar" began, and U.S. Army Web 
sites took numerous hits. 
 
More than 50 Web pages were defaced by an automated attack launched by 
supporters or agents of the People's Republic of China. The hackers 
placed anti-American sentiments in English and Chinese characters on 
some of the sites. 

But most of the attacks could have been prevented if published fixes, 
identified in Information Assurance Vulnerability Alerts, were in 
place on the hacked machines, said Lt. Col. John Quigg, chief of the 
Army's network security improvement program in the service's chief 
information office. 

An IAVA is a digital list of computer vulnerabilities. They are 
reported monthly to the chairman of the Joint Chiefs of Staff, Quigg 
said. The alerts are also posted on Army networks and warn of basic 
security measures needed to ward off viruses, worms or hackers. 

"The idea is to focus everyone's attention on the most likely attacks 
and use scanning technology to check the computers," Quigg said. 
"Getting these tools in place helps us to see the networks and get a 
little more proactive in defending them."

Since last spring, the Army has taken a serious look at how its 
networks are secured, according to senior officials. And the scrutiny 
has produced some insights, they said. 

Sensitivity Filter 

Last fall, the Army started a Web Risk Assessment Cell of about 30 
people to identify sensitive content on public Web sites that include 
data on Army operations. Quigg said the team, made up of contractors 
and Army personnel, uses keyword searches to locate sensitive Army 
information on public IP addresses. When the data is found, the team 
decides whether to edit or remove it. 

The Army got the idea from the Defense Department. Two years ago, DOD 
established its own risk assessment cell to monitor Defense Web sites 
for vulnerabilities that could compromise military operations if 
retrieved by hackers. 

Since Sept. 11, the critical protection of Army networks escalated 
another notch - to the force protection level, Quigg said. System 
administrators now brief the Army chief of staff every morning on all 
intrusions that occur. Since the war on terrorism began, there is 
greater emphasis on decreasing cyberthreats by adding layers of 
security. 

For instance, each Army installation now has at least one information 
security employee on staff. In March the Army conducted a weeklong 
information assurance awareness campaign to educate soldiers on steps 
to take to protect computer systems. 

"The important issue is to make our computer users aware of the 
procedures and security issues," said Lt. Col. Thaddeus Dmuchowski, 
director of the Army's Information Assurance Office. "It is key that 
everyone understand that cyberwarfare is an on-going threat." Last 
month, the Army awarded Harris Corp. a multimillion-dollar contract to 
protect its global networks. 

The Melbourne, Fla., company will install its Security Threat 
Avoidance Technology Scanner vulnerability assessment software on more 
than 1.5 million Army systems and will provide maintenance for three 
years. 

STAT Scanner searches for vulnerabilities in strategic and tactical 
networks at both active and reserve units. The software shows systems 
administrators a comprehensive analysis of vulnerabilities and risk 
levels, Quigg said. 

STAT Scanner works with the vulnerability alerts, Quigg added. The 
software runs on Microsoft Windows NT, Win 2000, XP, Linux and Sun 
Solaris platforms and can repair some vulnerabilities. 

The efforts reduced the percentage of successful attacks, even as the 
Army continues to see an increase in attempts by hackers to breach 
systems. In 2000, one in every 86 attacks on Army computer networks 
succeeded. Last year, only one attack in 149 was successful. 



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.