A Blog by Jonathan Low

 

Jul 16, 2011

Hack Attack: Pentagon Unveils Preemptive Cyber War Strategy


Corporate hacks are a precursor of more lethal attacks to come. The Pentagon, in a clever bit of communications arbitrage, announced a new preemptive cyber war strategy, adding in an 'oh by the way' fashion that it had suffered its worst hack ever in March. An unnamed 'foreign intelligence service' managed to penetrate a corporate defense contractor's system and made off with 24,000 files. For those who are keeping score at home, that is a lot.

Some of the corporate hacks are for money - access to credit card numbers and competitively sensitive business intelligence. But some are tests of the system should a more serious conflict break out. It is not that the defense establishment is not aware and not taking the threat seriously; it is that they are playing catch-up, having assumed until a few years ago that US systems and resources were vastly superior to, let's pick a name out of a hat, how about China?

The strategy is a bit vague, understandably, but the twinned announcement, linking the new operational focus with the recent attack, sends the message that they get that those prior assumptions are as out of date as a cavalry charge. JL

Thom Shanker and Elizabeth Bumiller report in the New York Times:
The Defense Department suffered one of its worst digital attacks in history in March, when a foreign intelligence service hacked into the computer system of a corporate contractor and obtained 24,000 Pentagon files during a single intrusion, senior officials said Thursday.

The disclosure came as the Pentagon released a strategy for military operations in cyberspace, embodying a belief that traditional passive programs for defending military and associated corporate data systems are insufficient in an era when espionage, crime, disruptions and outright attacks are increasingly carried out over the Internet.

In releasing the strategy, William J. Lynn III, the deputy defense secretary, disclosed that over the years crucial files stolen from defense and industry data networks have included plans for missile tracking systems, satellite navigation devices, surveillance drones and top-of-the-line jet fighters.

“A great deal of it concerns our most sensitive systems, including aircraft avionics, surveillance technologies, satellite communications systems and network security protocols,” Mr. Lynn said.

Officials declined to identify the military contractor whose data system was compromised in the March attack. They also refused to name the nation they suspected was the culprit, saying that any accusation was a matter of official, and perhaps confidential, diplomatic dialogue.

However, when major intrusions against computers operated by the Pentagon, the military or defense industry contractors have occurred in the past, officials have regularly blamed China, and sometimes Russia.

The hacking attack in March, which stole important Pentagon files in the computer network of a contractor developing a military system, had not been previously disclosed. Other breaches have been discussed, including earlier this year at Lockheed Martin, the nation’s largest military contractor, and at RSA Security, which produces electronic identification for computer users.

“Current countermeasures have not stopped this outflow of sensitive information,” Mr. Lynn said during a speech at the National Defense University. “We need to do more to guard our digital storehouses of design innovation.”

The Pentagon’s new strategy, the final piece of an effort by the Obama administration to defend computer networks operated across the government and private sector, calls for what is termed dynamic defense: looking for potential attackers on the Internet rather than waiting for an intruder to attack. It also calls on the Pentagon to build resiliency into its computer networks to help recover if attacked.

Mr. Lynn also stressed the importance of cooperation with foreign partners to spot computer network threats overseas, before they compromise systems here.

But James Lewis, an expert on computer network warfare at the Center for Strategic and International Studies, said the Pentagon’s computer networks were vulnerable to security gaps in the systems of allies with whom the military cooperates. America’s allies are “all over the map” on cybersecurity issues, Mr. Lewis said. “Some are very, very capable — and some are clueless.”

The military’s Cyber Command was created to coordinate defensive and offensive operations for Pentagon and military computer networks. Officials speak obliquely of its capabilities for carrying out offensive operations in cyberspace if ordered by the president. And for now, the new strategy is centered on how the United States can defend itself.

But Gen. James E. Cartwright, the vice chairman of the Joint Chiefs of Staff, said the Pentagon also had to focus on offense — including the possibility of responding to a cyberattack with military action.

“If it’s O.K. to attack me, and I’m not going to do anything other than improve my defenses every time you attack me, it’s very difficult to come up with a deterrent strategy,” General Cartwright told reporters on Thursday.

He said that in regard to cyberdefense, American military commanders were now devoting 90 percent of their attention to building better firewalls and only 10 percent to ways of deterring hackers from attacking. He said a better strategy would be the reverse, focusing almost entirely on offense.

The Pentagon, he said, needs a strategy “that says to the attacker, ‘If you do this, the price to you is going to go up, and it’s going to ever escalate.’ ” He added that right now “we’re on a path that is too predictable — it’s purely defensive. There is no penalty for attacking right now.”

Officials say the main challenge for the United States in a retaliatory cyberoperation is determining the attacker. The Internet makes it relatively easy for online assailants to mask identities, even if the geographic location where the attack originated can be confirmed.

Mr. Lynn said most major efforts to penetrate crucial military computer networks were still undertaken by large rival nations. “U.S. military power offers a strong deterrent against overtly destructive attacks,” he said. “Although attribution in cyberspace can be difficult, the risk of discovery and response for a major nation is still too great to risk launching destructive attacks against the United States.”

However, he warned that the technical expertise needed to carry out harmful Internet raids was certain to migrate to smaller rogue states and to nonstate actors, in particular terrorists.

If a terrorist group obtains “disruptive or destructive cybertools, we have to assume they will strike with little hesitation,” Mr. Lynn said.

The new strategy describes how the military’s capabilities would support the Department of Homeland Security and federal law enforcement agencies. And it acknowledges how much the military relies on private sector computer networks for such vital supplies as electricity.
