[ISN] Army rebuilds networks after hack attack
isn at c4i.org
Wed Sep 8 08:48:57 EDT 2004
Forwarded from: William Knowles <wk at c4i.org>
[Additional sidebar worth looking at. - WK]
By Frank Tiboni
Sept. 6, 2004
The Army has launched a massive multimillion-dollar initiative to
secure systems at Fort Campbell, Ky., the home base for the Army's
elite attack helicopter units, after its systems were hacked,
officials familiar with the initiative confirmed.
The project, called the Fort Campbell Network Upgrade, which could
cost as much as $30 million, follows the service's enterprise
management plan to update all of the fort's computers to Microsoft
Corp. Active Directory by January because the company will no longer
support the Windows NT 4.0 operating system.
But industry officials familiar with the update, who requested
anonymity because of national security and business concerns, said the
two-phase project was launched after systems were penetrated. "There
was a total intrusion into the network system," an industry official
"That's a lot of money to spend on [information technology] at one
installation," said another industry official. "Do you know what the
Army could do with $30 million for IT servicewide?"
Cybersecurity has taken a higher profile within the Defense Department
as military officials have stressed network-centric warfare, in which
data is put on networks much more quickly, thereby making it more
widely available. Under this scheme, however, security becomes more
essential because of the warfighter's dependence on this data and the
potential ramifications if such information were to fall into enemy
The cyberattack on Fort Campbell has spurred Army IT officials to
increase their efforts to develop a servicewide information assurance
plan and acquisition strategy in preparation for a procurement that
could happen as early as next year, industry officials said.
"There is consensus among [officials] that they need to implement
host-based intrusion detection," the industry official said.
Host-based intrusion-detection systems monitor, detect and respond to
user and system activity and attacks on a given network. Army
officials primarily use intrusion-detection systems in a less central
Army officials were reluctant to discuss the cyberattacks, but people
familiar with the incidents say the invasion of Fort Campbell's
networks apparently took place last fall. A group of individuals from
the Army's Computer Emergency Response Team (CERT) at Fort Belvoir,
Va., started working at Fort Campbell as a result of the intrusion,
the industry official said.
Army CERT officials determined that hackers penetrated the Fort
Campbell network so they could monitor the daily exchange of
information there. "They were actually inside the network and had been
there for a couple months," the official said.
Army CERT officials followed the hackers' activities for a couple of
months to determine their origin and intention. "They let it go on for
awhile, [and] then pulled the plug," the industry official said. Fort
Campbell IT officials then started updating the network.
Maj. Gen. James Hylton, commanding general of the Network Enterprise
Technology Command, which includes Army CERT, declined to comment on
the intrusion at the fort. "We are a nation at war, and although
protection of our networks has always had a high priority, we are even
more vigilant now," Hylton said in a written statement. "The less the
enemy knows, the better it is for the people [who] protect our
"I will not go into specifics on what types of defensive measures we
have in place," he wrote. "However, I will say that great emphasis is
placed on constant vigilance."
Lt. Gen. Steve Boutelle, the Army's chief information officer, also
declined to comment on the intrusion at Fort Campbell, explaining that
information about investigations related to computer network defense
is classified. However, Boutelle made cybersecurity one of the
cornerstones of his presentation to Army and industry officials last
week at the Directorate of Information Management/Army Knowledge
Management conference. "Your systems are being attacked," he said.
Officials with the Joint Task Force-Global Network Operations
(JTF-GNO), who oversee protection of military networks, also declined
to comment on the intrusion. "All intrusions into [DOD] systems are
investigated by appropriate investigative agencies," said Tim Madden,
task force spokesman, in a statement. "JTF-GNO and the agencies
involved do not discuss ongoing operations."
JTF-GNO officials, however, have reported gradual increases in the
number of attempted intrusions on the military's networks during the
past three years. The task force reported 40,076 in 2001, 43,086 in
2002, 54,488 in 2003 and 24,745 as of June 2004, Madden said.
"The increase simply reflects the increase in the number of computers
and people using them worldwide," he said.
Another industry official said Army IT officials will hire 20 people
to investigate what happened to systems at Fort Campbell and to look
into the significant increase in attempted intrusions into Army
networks during the past year, which Boutelle attributes to the
current geopolitical climate.
During the past five years, DOD systems experienced similar attempted
intrusions as military officials began carrying out their new doctrine
of net-centric warfare. Department officials believe the intrusions
originated in China, Brazil and Lithuania, but the only governments
that have developed doctrines for cyberwarfare are China and India,
said a military IT official who requested anonymity.
The department's new information assurance policies released this
summer include the draft, titled "End-to-End Information Assurance
Component of the Global Information Grid Integrated Architecture." The
policies have resulted from the increase in attempted intrusions into
DOD systems, the military official said.
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen. Alfred M. Gray, USMC
C4I.org - Computer Security, & Intelligence - http://www.c4i.org