A senior Pentagon official has revealed details of a previously classified malware attack he declared “the most significant breach of U.S. military computers ever.”
In an article for Foreign Affairs, Deputy Defense Secretary William J. Lynn III writes that in 2008 a flash drive believed to have been infected by a foreign intelligence agency uploaded malicious code onto a network run by the military’s Central Command.
“That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control,” Lynn writes. “It was a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary.”
In response to the incident, the military implemented a ban on USB devices, a prohibition that has since been modified.
“USB devices as an attack vector have significant advantages over e-mail, Web or other network-based attacks,” said Richard Wang, manager of Sophos’ lab operations in the United States. “The focus for most network attacks is the perimeter, wherever the contact between the outside world and your network first happens. However, USB devices can appear anywhere on a network because they bypass the network perimeter defenses simply by sitting in someone’s pocket.”
In addition to details on the attack, Lynn discusses the Department of Defense’s cyber-security strategy, including partnerships between the private and public sector as well as what he termed “active defenses.”
“The National Security Agency has pioneered systems that, using warnings provided by U.S. intelligence capabilities, automatically deploy defenses to counter intrusions in real time,” he writes. “Part sensor, part sentry, part sharpshooter, these active defense systems represent a fundamental shift in the U.S. approach to network defense. They work by placing scanning technology at the interface of military networks and the open Internet to detect and stop malicious code before it passes into military networks. Active defenses now protect all defense and intelligence networks in the ‘.mil’ domain.”
The goal of these strategies, he concluded, “is to make cyberspace safe so that its revolutionary innovations can enhance both the United States’ national security and its economic security.”