The U.S. Militarys point man for global network operations says that a total overhaul of the governments classified and unclassified information networks may be necessary to ward off legions of hackers and adequately protect the military from crippling attacks in future conflicts.
The Department of Defense will soon begin evaluating the security of more than 1,500 computer networks used by the DOD and the four branches of the armed services. The DOD may propose a new network architecture that emphasizes data security, according to Air Force Lt. Gen. Charles Croom, commander of the Joint Task Force-Global Network Operations, which runs all the militarys networks.
The stark assessment comes after a sobering internal audit that turned up widespread security holes in government systems.
A DOD “stand down” in November to assess the security of user accounts turned up thousands of dormant, unauthorized or incorrectly provisioned accounts for systems managed by the department, the four branches of the military and other related agencies, Croom told an audience of government cyber-security experts and law enforcement officials at the DOD Cyber Crime Conference here last week.
Three thousand user accounts managed by the Defense Information Systems Agency, 1,500 in the U.S. Armys Korean operation and 1,200 accounts in the DODs Joint Forces Command were flagged in the audit, Croom said.
In the last year, the military has also been embarrassed by published accounts of massive, coordinated hacks of government systems. One such attack, code-named Titan Rain by the military, is believed to be a sophisticated, round-the-clock hacking program run by the Chinese government. It is believed to have compromised computer systems at a number of high-security U.S. bases, as well as aviation software used by the Army and Air Force, according to published reports.
The military now counts 100 nations that are capable of carrying out state-sponsored hacking of U.S. government systems, Croom said.
Low-level attacks are also a problem. In November, FBI agents arrested a 20-year-old California man, Jeanson James Ancheta, who allegedly used a Trojan horse program called rxbot to create a network of hundreds of thousands of infected machines, including computers belonging to DISA and the Weapons Division of the U.S. Naval Air Warfare Center.
The changes in the threat landscape prompted soul-searching within the JTF-GNO.
“As you know, we have a security issue with our networks,” Croom said. “We have to go back and verify that we have the right architecture and engineering for our networks.”
The DOD is taking steps to mitigate those security issues, such as shutting off dormant or suspect accounts and closing unused communications ports on networked computers. But larger changes may be warranted, Croom said.
For example, the DODs SIPRNet (Secret IP Router Network), which handles classified information and supports the militarys Global Command and Control System, lacks internal boundaries and security measures that limit user access to the network.
“Its a perimeter-boundary-only network. Once youre in, youre in,” Croom said.
Hypothetically, a hack in one part of SIPRNet—say, in Europe—could be used to interrupt operations anywhere else in the network, he said.
“Thats something well want to correct. We want some internal boundaries,” Croom said.
Still, the military is making progress on cyber-security, he said. The DOD simplified management of its computer networks by consolidating network operations, network defense and incident response in the JTF-GNO in June 2004. The military has also established a clear chain of command under Croom and his superior officer at the JTF-GNO, Marine Corps Gen. James Cartwright, who reports to Defense Secretary Donald Rumsfeld.
The DOD will create a new program office within DISA that will focus on developing security policies and procedures and on technology acquisition, Croom said.
The military also is in desperate need of automated systems for critical functions such as user provisioning, vulnerability scanning and assessment, and patching, he said. In addition, the military should invest in “end-to-end” security tools that can integrate information about different kinds of threats, rather than focus myopically on one particular threat, Croom said.
Croom deserves credit for grasping the magnitude of the challenge facing the U.S. military, said Alan Paller, director of research at The SANS Institute, in Bethesda, Md. But developing and deploying a new networking architecture across the military could take eight years or more, he said.