[ISN] Army rebuilds networks after hack attack

InfoSec News isn at c4i.org
Wed Sep 8 08:48:57 EDT 2004


Forwarded from: William Knowles <wk at c4i.org>

http://www.fcw.com/fcw/articles/2004/0906/news-campb-09-06-04.asp

[Additional sidebar worth looking at.  - WK]


By Frank Tiboni 
Sept. 6, 2004

The Army has launched a massive multimillion-dollar initiative to 
secure systems at Fort Campbell, Ky., the home base for the Army's 
elite attack helicopter units, after its systems were hacked, 
officials familiar with the initiative confirmed.

The project, called the Fort Campbell Network Upgrade, which could 
cost as much as $30 million, follows the service's enterprise 
management plan to update all of the fort's computers to Microsoft 
Corp. Active Directory by January because the company will no longer 
support the Windows NT 4.0 operating system.

But industry officials familiar with the update, who requested 
anonymity because of national security and business concerns, said the 
two-phase project was launched after systems were penetrated. "There 
was a total intrusion into the network system," an industry official 
said.

"That's a lot of money to spend on [information technology] at one 
installation," said another industry official. "Do you know what the 
Army could do with $30 million for IT servicewide?"

Cybersecurity has taken a higher profile within the Defense Department 
as military officials have stressed network-centric warfare, in which 
data is put on networks much more quickly, thereby making it more 
widely available. Under this scheme, however, security becomes more 
essential because of the warfighter's dependence on this data and the 
potential ramifications if such information were to fall into enemy 
hands.

The cyberattack on Fort Campbell has spurred Army IT officials to 
increase their efforts to develop a servicewide information assurance 
plan and acquisition strategy in preparation for a procurement that 
could happen as early as next year, industry officials said.

"There is consensus among [officials] that they need to implement 
host-based intrusion detection," the industry official said.

Host-based intrusion-detection systems monitor, detect and respond to 
user and system activity and attacks on a given host or network. Army 
officials primarily use intrusion-detection systems in a less central 
manner.
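To make the host-based idea concrete, the following is an added illustration (not code from the article, the Army, or any product it mentions) of the two checks a host-based sensor typically performs: file-integrity monitoring, which hashes a baseline of files on the host and reports anything modified, added or removed, and local log analysis, which flags repeated failed logons from one source. The file contents, paths and log lines are constructed sample data.

```python
"""Minimal host-based intrusion detection checks (added example).

1. File-integrity monitoring: hash a baseline, re-hash later, diff.
2. Log analysis: count failed logons per source address.
All inputs below are constructed; nothing is read from a real host.
"""
import hashlib
import re
from collections import Counter
from typing import Dict, List


def fingerprint(files: Dict[str, bytes]) -> Dict[str, str]:
    """Return {path: sha256-hex} for an in-memory file set (the baseline)."""
    return {path: hashlib.sha256(content).hexdigest()
            for path, content in files.items()}


def integrity_diff(baseline: Dict[str, str],
                   current: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare a stored baseline against a fresh fingerprint of the host."""
    modified = sorted(p for p in baseline
                      if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return {"modified": modified, "added": added, "removed": removed}


# sshd-style failure line; captures the user and the source address.
AUTH_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")


def failed_logon_sources(lines: List[str], threshold: int = 3) -> Dict[str, int]:
    """Return {source: count} for sources at or above the failure threshold."""
    counts: Counter = Counter()
    for line in lines:
        m = AUTH_RE.search(line)
        if m:
            counts[m.group(2)] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


# Constructed baseline taken "before" and a snapshot taken "after".
BASELINE_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/usr/bin/ls": b"ELF-bytes-v1",
    "/etc/ssh/sshd_config": b"PermitRootLogin no\n",
}
CURRENT_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/usr/bin/ls": b"ELF-bytes-replaced",       # binary replaced
    "/usr/bin/ls.bak": b"ELF-bytes-v1",         # copy of the original left behind
}                                               # sshd_config missing

# Constructed auth log lines in sshd format.
SAMPLE_AUTH_LOG = [
    "Nov  3 02:14:01 host sshd[812]: Failed password for invalid user admin from 10.0.0.5 port 4120 ssh2",
    "Nov  3 02:14:03 host sshd[813]: Failed password for root from 10.0.0.5 port 4121 ssh2",
    "Nov  3 02:14:05 host sshd[814]: Accepted password for jdoe from 10.0.0.9 port 5000 ssh2",
    "Nov  3 02:14:07 host sshd[815]: Failed password for root from 10.0.0.5 port 4122 ssh2",
    "Nov  3 02:14:09 host sshd[816]: Failed password for jdoe from 10.0.0.9 port 5001 ssh2",
]


def run_checks() -> Dict[str, object]:
    """Run both checks on the constructed data and return one report."""
    return {
        "integrity": integrity_diff(fingerprint(BASELINE_FILES),
                                    fingerprint(CURRENT_FILES)),
        "brute_force_sources": failed_logon_sources(SAMPLE_AUTH_LOG),
    }


if __name__ == "__main__":
    for name, finding in run_checks().items():
        print(f"{name}: {finding}")
```

The integrity check reports the replaced binary, the leftover copy and the missing configuration file; the log check reports only the source that crossed the threshold. A real deployment would store the baseline hashes off-host, since an intruder with host access can otherwise rewrite them.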

Army officials were reluctant to discuss the cyberattacks, but people 
familiar with the incidents say the invasion of Fort Campbell's 
networks apparently took place last fall. A group of individuals from 
the Army's Computer Emergency Response Team (CERT) at Fort Belvoir, 
Va., started working at Fort Campbell as a result of the intrusion, 
the industry official said.

Army CERT officials determined that hackers penetrated the Fort 
Campbell network so they could monitor the daily exchange of 
information there. "They were actually inside the network and had been 
there for a couple months," the official said.

Army CERT officials followed the hackers' activities for a couple of 
months to determine their origin and intention. "They let it go on for 
a while, [and] then pulled the plug," the industry official said. Fort 
Campbell IT officials then started updating the network.

Maj. Gen. James Hylton, commanding general of the Network Enterprise 
Technology Command, which includes Army CERT, declined to comment on 
the intrusion at the fort. "We are a nation at war, and although 
protection of our networks has always had a high priority, we are even 
more vigilant now," Hylton said in a written statement. "The less the 
enemy knows, the better it is for the people [who] protect our 
networks." 

"I will not go into specifics on what types of defensive measures we 
have in place," he wrote. "However, I will say that great emphasis is 
placed on constant vigilance."

Lt. Gen. Steve Boutelle, the Army's chief information officer, also 
declined to comment on the intrusion at Fort Campbell, explaining that 
information about investigations related to computer network defense 
is classified. However, Boutelle made cybersecurity one of the 
cornerstones of his presentation to Army and industry officials last 
week at the Directorate of Information Management/Army Knowledge 
Management conference. "Your systems are being attacked," he said.

Officials with the Joint Task Force-Global Network Operations 
(JTF-GNO), who oversee protection of military networks, also declined 
to comment on the intrusion. "All intrusions into [DOD] systems are 
investigated by appropriate investigative agencies," said Tim Madden, 
task force spokesman, in a statement. "JTF-GNO and the agencies 
involved do not discuss ongoing operations." 

JTF-GNO officials, however, have reported gradual increases in the 
number of attempted intrusions on the military's networks during the 
past three years. The task force reported 40,076 in 2001, 43,086 in 
2002, 54,488 in 2003 and 24,745 as of June 2004, Madden said.

"The increase simply reflects the increase in the number of computers 
and people using them worldwide," he said.

Another industry official said Army IT officials will hire 20 people 
to investigate what happened to systems at Fort Campbell and to look 
into the significant increase in attempted intrusions into Army 
networks during the past year, which Boutelle attributes to the 
current geopolitical climate.

During the past five years, DOD systems experienced similar attempted 
intrusions as military officials began carrying out their new doctrine 
of net-centric warfare. Department officials believe the intrusions 
originated in China, Brazil and Lithuania, but the only governments 
that have developed doctrines for cyberwarfare are China and India, 
said a military IT official who requested anonymity.

The department's new information assurance policies released this 
summer include the draft, titled "End-to-End Information Assurance 
Component of the Global Information Grid Integrated Architecture." The 
policies have resulted from the increase in attempted intrusions into 
DOD systems, the military official said.


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*
