DOD braced for cyberattack

BY George I. Seffers 05/09/2001 RELATED LINKS

"Fed Web defacings called 'nuisance’" [Federal Computer Week, May 7, 2001]

"Hackers vandalize California sites" [FCW.com, May 2, 2001]

"Hackers deface federal sites" [FCW.com, May 1, 2001]

"Feds schooled by 'zombies’" [Federal Computer Week, Feb. 21, 2000]

During a barrage of computer hacks by Chinese activists, Defense Department networks have been scanned more than 2 million times since the end of last week, and DOD’s information warriors have been debating how best to cope with a possible denial-of-service attack.

Officials within the Defense Information Systems Agency and the Joint Task Force-Computer Network Operations worked late on April 27 fretting about and planning for a denial-of-service attack that has not materialized.

Struggling to choose the right words and avoid saying too much in a nonclassified setting, Col. Larry Huffman, director of the Global Network Operations Center within DISA, described the planning sessions.

"This [past] weekend, we were looking very close at one of the nation states that is a potential threat to the United States," Huffman said Monday during the SecurE-Gov conference in Crystal City, Va. "In fact, Friday night we were sitting with the [joint task force] and attempting to think out countermeasures to a potential denial-of-service threat, which has not materialized, thank heavens. This morning I looked at one of our tools, and I saw 2 million probes or scans from a Chinese source."

That’s significant because would-be network intruders conduct scans and probes to explore potential vulnerabilities in a network.

The Global Network Operations Center houses the JTF-CNO, formed in 1998 as the Joint Task Force-Computer Network Defense. The task force took on the network-attack mission in early April, resulting in the name change.

The department’s biggest network-security challenge is in coping with the gateways between the unclassified networks and the public Internet, Huffman said. He reported that an estimated 3 million customers use the unclassified networks, and 70 percent of that traffic goes to and from the Internet.

"Today, we have 13 different gateways to the Internet, and we are attempting to police all those back doors," Huffman said. He added that during the weekend, the department upgraded the size of its network "pipes," which likely will lead to another increase in demand.

DISA is working with the Defense Information Assurance Program and the Joint Staff on an initiative called the Ports and Protocol Registration "because we cannot have a firewall policy without some kind of registration capability," Huffman said.

Viruses and malicious code also present a unique problem, according to Huffman. "We see an average of about 10 new viruses a month. The problem that we have is what I call "the boy who cried wolf syndrome.’ If we cried wolf for every virus, then no one would believe it’s a problem. So we have to closely vet a virus when it comes out and ensure it is a significant potential danger."

http://www.fcw.com/fcw/articles/2001/0507/web-hack-05-09-01.asp

-- Martin Thompson (mthom1927@aol.com), May 09, 2001