[ISN] DOD reveals viral infection

InfoSec News isn at c4i.org
Wed Sep 1 13:23:19 EDT 2004 

Forwarded from: William Knowles <wk at c4i.org>

http://www.fcw.com/fcw/articles/2004/0830/web-siprnet-08-31-04.asp

By Bob Brewin 
Published on Aug 31, 2004 

FT. LAUDERDALE, Fla. - A virus infected two computers managed by the
Army Space and Missile Defense Command operating on the Defense
Department's classified Internet recently, according to Lt. Gen Larry
Dodgen, head of the command.

Dodgen, speaking here at the Army Director of Information Management
(DOIM) conference said two computers in the Space and Missile Defense
command connected to the DOD Secret Internet Protocol Router Network
(SIPRNET) were infected because they did not have any virus
protection.

The breach of security, Dodgen said, illustrated the need for
"diligence, diligence, diligence" when it comes to information
security and assurance - although he described his initial reaction to
the incident as, "Who are we going to shoot?"

William Congo, a spokesman for the Huntsville, Ala.-based Space and
Missile Defense Command said the two computers were located at a
facility in Colorado Springs, Colo. The viruses were detected quickly
and the two computers were then isolated from the SIPRNET, Congo
added. The incident occurred "within the past month" and officials are
still investigating the matter to determine how the infection occurred
and prevent future occurrences, he said.

Other Army officials also underscored the need for better information
security. Despite years of emphasis, the Army still does a poor job of
protecting its information systems, said Lt. Gen Steve Boutelle, the
Army's chief information officer, in a speech here. "How many accounts
still have no password?" Boutelle asked.

But, he added, that will change now that "information assurance is a
commander's responsibility," not just the job of the Army's IT
establishment.

Linton Wells, acting secretary of networks and information integration
also emphasized information security in his presentation. "Security is
not an appliqué," or add-on in the era of network-centric warfare,
Wells said. Security attributes must be built into systems from the
start, he said, adding that the "most stupid thing" the military could
do is build a "ubiquitous, global network that is insecure."


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

More information about the ISN mailing list