DoD Reaction To Cyberattacks On Web-Sites

Cyberattacks spur talk of 3rd DOD network

New network would support e-commerce and public access to DOD Web sites

JUNE 21, 1999

BY BOB BREWIN (antenna@fcw.com)
AND DANIEL VERTON (dan_verton@fcw.com)

http://www.fcw.com/pubs/fcw/1999/0621/fcw-newsnetwork-6-21-99.html

[Fair Use: For Educational/Research Purposes Only]

As part of a strategy to defend its unclassified networks against relentless cyberattacks, the Pentagon may establish a new network to handle electronic commerce and other interactions with the public while cutting off all other existing connections to the Internet.

The proposal follows an increase in the rate of cyberattacks -- many stemming from the Kosovo conflict -- on the Non-Classified Internet Protocol Router Network (NIPRNET), through which the department transmits unclassified information, including some tactical data, via the Internet.

Marv Langston, deputy assistant secretary of Defense for command, control, communications and intelligence (C3I), said top DOD officials have begun debating whether to disconnect NIPRNET from the Internet and create another network, a so-called third layer, which would provide Internet links between DOD and e-commerce partners and provide the public with access to military Web pages.

The proposed strategy, under debate by DOD officials, would leave the department with three layers of networks: the Secret Internet Protocol Router Network, for classified information; NIPRNET, which would become a virtual private network for internal DOD communications; and the new network, through which the department would communicate with its business partners and the public.

John Hamre, deputy secretary of Defense, framed the issues behind the policy debate in stark terms last week, calling the short air campaign in Yugoslavia against Serbia "the first cyberwar," citing Serb attacks against NATO's public World Wide Web pages.

"We were under a cyberattack in our operations against Serbia," Hamre said at last week's GovTechNet International Conference and Exhibition. DOD is vulnerable to such attacks because the department "routinely operates in commercial cyberspace" using NIPRNET, he said.

Lt. Gen. William Campbell, the Army's director for C3I, called the current NIPRNET policy "close to madness" because it is used to actively support military operations.

Campbell, who would like to see DOD set up the third-layer network, said the Pentagon should not compromise the security of NIPRNET to support e-commerce and interactions with the public. "The [e-commerce] tail should not wag the C3I dog," Campbell said.

Tim Bass, president and chief executive officer of the security consulting firm The Silk Road Group Ltd., said the third layer is a very wise plan. "Denial-of-service attacks against [Internet Protocol] networks are a real threat, and there is no disagreement that IP is highly vulnerable," Bass said. "Furthermore, nonclassified IP access to the Internet is now a mission-critical requirement."

Rick Forno, a security officer for Network Solutions Inc. and a former senior security analyst at the House of Representatives' Information Resources Security Office, also said DOD's plan is plausible. "All public-access networks should be on a completely compartmented environment from anything [classified "For Official Use Only"] or higher, including day-to-day routine local-area networks," he said. If properly carried out, the policy "will be a great solution," Forno said.

However, the proposed strategy is not without some obstacles, DOD officials said.

Langston, who also serves as DOD's deputy chief information officer, which gives him a key role in the network security policy debate, said, "It is difficult to unplug [DOD] from the Internet."

Establishing a third layer would, in essence, set up another U.S., if not global, DOD network, which would be expensive, Langston said.

Langston advocates protecting NIPRNET by copying a Navy initiative to secure networks with an array of technology, including intrusion-detection systems, firewalls and encryption technology.

The Navy has developed its "defense in-depth" strategy as part of an effort to build a secure Navywide intranet. Langston believes the strategy obviates the need to pull the Internet plug except under the most extreme circumstances. "The only reason to pull off the Internet is a massive cyberattack," Langston said.

Rear Adm. John Gauss, commander of the Space and Naval Warfare Systems Command, supports an ongoing NIPRNET redesign, which would involve the Defense Information Systems Agency upgrading the network's security measures. "What DISA's doing will protect DOD computing and still give us a viable means of communicating with industry," Gauss said.

Lt. Gen. William Donahue, director of communications and information for the Air Force, agreed that disconnecting NIPRNET from the Internet is not a viable option. "We're not going to disconnect from the Internet because we depend on it for too much," he said. But, he added, "You have to balance the need to connect with the need to protect."

Although a decision has not yet been made about the third network, Donahue envisions DOD reaching a stage where it initially will shut down all connections between NIPRNET and the Internet, closing all "back door" connections, and then reconnect DOD with a smaller number of open connections.

"There will probably be a finite number of connections to the Internet, and they will be protected," Donahue said. When that occurs, DOD still will need "to be serious, dedicated, dogged and persistent in protecting our network nodes," he said.

But Campbell will continue to push to cut off DOD from the Internet. "If you are going to be a pioneer...you cannot be faint of heart."



-- Diane J. Squire (sacredspaces@yahoo.com), June 21, 1999

Answers

Why is this Y2K related?

Because the DoD et al. considers cyberattacks and terrorism as part of the critical infrastructure protection issues.

Rightly so.

Diane

-- Diane J. Squire (sacredspaces@yahoo.com), June 21, 1999.


C4I, C3I.......... so much publicity lately, Diane?

-- lisa (lisa@work.now), June 21, 1999.

Strange, huh, Lisa?

Just don't remember seeing the term crop up, even in Federal Computer Week, much, until now.

Diane

-- Diane J. Squire (sacredspaces@yahoo.com), June 21, 1999.


All my intuition can tell me is that they will literally be in command.... Evidently they are the best-of-breed employees the Fed has to offer. Very puzzling.

-- Lisa (lisa@work.now), June 21, 1999.

It is virtually impossible for the military to disconnect from the internet within a short time frame. So until this can happen they should create a 16 X 32 box firewall key encryption around all critical data pages to acquire hackers' identities and to cyber counterattack the attackers' site, alarm code handlers and if last firewall is hit then data is vaulted out to a lockdown cyber cell.

-- y2k aware mike (y2k aware mike @ conservation . com), June 21, 1999.


You think they don't have a firewall now? The DoD invented the internet. They were always extremely careful about isolating important data and security measures.

Again Diane, why is this y2k related? Just another thing I don't get.

-- Maria (anon@ymous.com), June 21, 1999.


Maria,

It's y2k related because the President made the connection in a speech back in July (I think) and then through a revision of some executive order. Can someone help me with the specifics?

Anyway, I think the term Cyberterrorism spans across both private business and military entities. That is to say that the DoD would look at a cyber attack on a large US Corp the gov or mil depends upon as an act of terrorism, etc.

Mike ===============================================================

-- Michael Taylor (mtdesign3@aol.com), June 21, 1999.


A few comments about the c4i and CINC and VCINC stuff found in the trolling threads. The prez, commander in chief, is not really known as a CINC and the vice prez is not really known as VCINC. As a matter of fact, I don't believe I've ever heard that acronym (VCINC). Most just refer to vice or deputy for the second in command. The prez and all others are known as NCA, not CINC. CINC labels are for those who are in charge of commands (you also need to be careful for this term has very specific meanings). One last note, not too many use the acronym c4i but c3i is widely used along with just c3 and c2.

Now, Mike sorry but I can't take what the prez says in a speech very seriously. This guy didn't even know how to salute until he got into office. His knowledge of the military (sadly enough) is very limited.

Cyberterrorism is as old as the internet, which predates Y2K awareness. I agree that this is something both private and gov sectors are concerned with. I've worked security systems for the gov since 1990: analyzing them, testing them, assessing risk, and finding ways to improve the security posture. So I think I know a little bit about what the gov is doing to protect their data. Attacks (from terrorists and internal employees) have always been a consideration when assessing systems and the internet just presents another "door" for attack. Now I'm not sure what you wanted to really say in your post so can you explain just a bit?

-- Maria (anon@ymous.com), June 21, 1999.


Maria, in the overall scheme of things, where does C4I/C3I etc fall?

Can you recall anything particularly involved that they participated in? Any anecdotes/personal interpretations?

-- Lisa (lisa@work.now), June 21, 1999.


Lisa, Not sure I know your question.

-- Maria (anon@ymous.com), June 21, 1999.


I like professional rasslin. It's real you know. I on the other hand am as fake as a 3 dollar bill.

-- Maria (anon@ymous.com), June 21, 1999.

been out of the loop awhile. Can someone point me in the direction of the threads for c3i? the c4i thread had me riveted for a good spell. I think I caught the latest on that.

help

-- justme (finally@home.com), June 21, 1999.


Maria...set politics aside. I don't trust the guy either : )

However, the President made the connection in a speech before the scientific community back in July, 1998. Basically, that is when the connection of "cyberterrorism" and "y2k" were co-mingled. I'm not interested in a debate about political rhetoric...the bottom line is that it was then that the "connection" became apparent within the strategy of the government in dealing with either kind of situation. Or, perhaps, how to deal with the marriage of the two. That is, that a terrorist group might use the problems and confusion of y2k to cause chaos on the internet.

Anyway, it was at that time that a Presidential Directive was made regarding this. That is how Y2k and Cyberterrorism are connected. There is language in an Executive Order which is specific, however, I don't have the number or the link.

Mike ==========================================================

-- Michael Taylor (mtdesign3@aol.com), June 21, 1999.


JUNE 23, 1999 . . . 7:52 EDT

Hacker groups target Navy sites

BY BOB BREWIN (antenna@fcw.com)
AND DIANE FRANK (diane_frank@fcw.com)

http://www.fcw.com/pubs/fcw/1999/0621/web-navyhack-6-23-99.html

In the wake of attacks on the FBI World Wide Web sites earlier this month, hacker groups have now turned their attention to the Navy, including the Web site of a Navy organization that helped develop sophisticated hacker-tracker software.

Last week a hacker defaced the Web site (www.nswc.navy.mil) of the Naval Surface Warfare Center's Dahlgren, Va. division with a mostly obscene message that read in part, "FEDS: You will never stop my FLOW. Nice try, though. Killing my hotmail account and all that. HAHHAHA." The Dahlgren division of NSWC helped develop the Co-operative Intrusion Detection Evaluation and Response program (www.nswc.navy.mil/ISSEC/CID/), which uses automated tools to track and analyze hacker attacks.

Another hacker -- who, based on the postings on the defaced Navy Web sites, may be engaged in a hacker duel with the Dahlgren attacker -- hit the Web site of the Naval Air Warfare Center Training Systems Division (www.ntsc.navy.mil), Orlando, Fla.

This hacker, who affiliated himself with the group f0rpaxe, said on the defaced Navy page, "We own the Naval Air Warfare Center Systems Training Division. FBI spokesman said we were only doing some gov and mil servers [but] we rooted Naval Air Warfare Training Center....We had been exploring entire servers until today."

Navy spokesmen have not returned calls from FCW asking for comment on the Web attacks.



-- Diane J. Squire (sacredspaces@yahoo.com), June 24, 1999.

