A Defense Department official discusses details of a formerly classified cyber-attack that he described as the worst breach of U.S. military computers in history.
A senior Pentagon official has revealed details of a previously classified malware attack he declared "the most significant breach of U.S. military computers ever."
In an article for Foreign Affairs, Deputy Defense Secretary William J. Lynn III writes that in 2008 a flash drive believed to have been infected by a foreign intelligence agency uploaded malicious code onto a network run by the military's Central Command.
"That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control," Lynn writes. "It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary."
In response to the incident, the military implemented a ban on USB devices, a prohibition that has since been modified.
"USB devices as an attack vector have significant advantages over e-mail, Web or other network-based attacks," said Richard Wang, manager of Sophos' lab operations in the United States. "The focus for most network attacks is the perimeter, wherever the contact between the outside world and your network first happens. However, USB devices can appear anywhere on a network because they bypass the network perimeter defenses simply by sitting in someone's pocket."
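Because removable media never crosses the perimeter, the telemetry that catches it has to come from the endpoint itself. The following added example (not from the article or from Sophos) shows the kind of host-side check a defender would run in place of, or alongside, a blanket USB ban: it parses Linux kernel log lines for mass-storage attachments and flags any device whose serial number is not on an approved list. The log lines and the allowlist are constructed for the demo.

```python
import re

# Constructed sample kernel log lines in syslog format (not real captures).
SAMPLE_LOG = """\
Aug 25 09:12:01 host1 kernel: usb 1-2: new high-speed USB device number 5 using xhci_hcd
Aug 25 09:12:01 host1 kernel: usb 1-2: New USB device found, idVendor=0781, idProduct=5567, SerialNumber=4C530001
Aug 25 09:12:02 host1 kernel: usb-storage 1-2:1.0: USB Mass Storage device detected
Aug 25 09:12:03 host1 kernel: sd 6:0:0:0: [sdb] Attached SCSI removable disk
Aug 25 09:15:44 host1 kernel: usb 1-3: New USB device found, idVendor=046d, idProduct=c52b, SerialNumber=
Aug 25 09:30:10 host1 kernel: usb 1-4: New USB device found, idVendor=0951, idProduct=1666, SerialNumber=ABCD1234
Aug 25 09:30:11 host1 kernel: usb-storage 1-4:1.0: USB Mass Storage device detected
"""

# Hypothetical allowlist of approved device serials (an assumption for the example).
APPROVED_SERIALS = {"4C530001"}

# "New USB device found" line: records port, vendor/product ids and serial.
NEW_DEV = re.compile(
    r"usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
    r"(?:, SerialNumber=(?P<serial>\S*))?"
)
# usb-storage binding line: the device on this port exposes mass storage.
STORAGE = re.compile(r"usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected")


def find_unapproved_storage(log_text, approved=APPROVED_SERIALS):
    """Return (port, 'vid:pid', serial) for every mass-storage attachment
    whose serial number is not in the approved set.

    Non-storage devices (keyboards, mice) are ignored; a storage binding
    with no preceding device line is reported with ids 'unknown'."""
    devices = {}   # port -> (vid:pid, serial) from the most recent enumeration
    alerts = []
    for line in log_text.splitlines():
        m = NEW_DEV.search(line)
        if m:
            devices[m["port"]] = (f"{m['vid']}:{m['pid']}", m["serial"] or "")
            continue
        m = STORAGE.search(line)
        if m:
            ids, serial = devices.get(m["port"], ("unknown", ""))
            if serial not in approved:
                alerts.append((m["port"], ids, serial))
    return alerts


if __name__ == "__main__":
    for port, ids, serial in find_unapproved_storage(SAMPLE_LOG):
        print(f"ALERT: unapproved mass storage on port {port} ({ids}, serial={serial or 'none'})")
```

In practice the same logic would be fed from journald or auditd and would also key on the allowlist's vendor/product ids, since a serial alone is easy to spoof on cheap devices.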
In addition to details on the attack, Lynn discusses the Department of Defense's cyber-security strategy, including partnerships between the private and public sector as well as what he termed "active defenses."
"The National Security Agency has pioneered systems that, using warnings provided by U.S. intelligence capabilities, automatically deploy defenses to counter intrusions in real time," he writes. "Part sensor, part sentry, part sharpshooter, these active defense systems represent a fundamental shift in the U.S. approach to network defense. They work by placing scanning technology at the interface of military networks and the open Internet to detect and stop malicious code before it passes into military networks. Active defenses now protect all defense and intelligence networks in the '.mil' domain."
The goal of these strategies, he concluded, "is to make cyberspace safe so that its revolutionary innovations can enhance both the United States' national security and its economic security."