From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Sun, 25 Nov 2001 21:05:35 -0800 (PST)
Subject: [iwar] [fc:DoD.Deploys.Cyber-Defense]

DoD Deploys Cyber-Defense
By Frank Tiboni, Defense News, 11/16/2001
No URL available.

Faced with a near doubling of attacks on military computers in the past year, the guardian of the U.S. military's information systems has asked Pentagon leaders for permission to strike back.

"We are no longer going to be passive. If they hit us, we'll be hitting them back real soon," U.S. Army Maj. Gen. Dave Bryan, commander, Joint Task Force-Computer Network Operations (JTF-CNO), Washington, told Defense News Nov. 7.

A new, classified technology would allow the task force to retaliate, Bryan said, although he refused to provide any details.

The task force currently uses conventional defense tactics to prevent access to Pentagon systems: firewalls, sensors and computer experts to look for suspicious behavior on networks. But working with the National Security Agency (NSA), the task force wants to deploy a new set of more potent responses to protect the U.S. military's data, voice and video systems.

Called Active Network Defense, it would track down hackers with techniques that trace the origin of the attacks. Mobile agents would scour the routers that link computer networks. Survey probes would scan the data that passes through a network for clues about ongoing or attempted intrusions. Beaconing and tagging programs detect suspicious activity in data packets and trace their origin.

Task force officials have also asked their bosses at U.S. Space Command, which is responsible for the protection of U.S. military information systems, for the authority to respond immediately to network attacks, Bryan said.

JTF-CNO's request to deploy an active network defense is significant because it crosses both technological and legal boundaries, Dan Kuehl, professor, information warfare, National Defense University, told Defense News Nov. 9.

Police and federal law enforcement have typically handled computer attacks, Kuehl said. JTF-CNO's use of active defense technologies could be construed as more of a law enforcement than a network-defense capability, he said.

"I have no doubt that the Pentagon is discussing the legal ramifications of such a move," Kuehl said.
He said the idea of deploying an active network defense does not come as a surprise after the Sept. 11 terrorist attacks because Congress has given more power to the Defense and Justice departments for intelligence and law enforcement matters.

Kuehl said the use of active network defense technologies could also serve as a deterrent because hackers do not want to be traced.

Currently, a long chain of command extends from Bryan to U.S. Space Command, Peterson Air Force Base, Colo., to the Office of the Secretary of Defense, up to the National Security Council in the White House and back.

Bryan would not discuss how quickly he can get permission to counterattack, saying that information is classified. He said he does not know whether or when U.S. Space Command might grant his wish, nor how much it will cost.

Network attacks, such as the worldwide outbreak of the Code Red and NIMDA computer virus worms this summer, have become more sophisticated. The task force detected a command-and-control capability in the worms, which let the virus find vulnerabilities in information networks, create backdoors to them and replicate rapidly, Bryan said.

"We have a hacker threat," he said.

Network Attacks Skyrocket

In 1999, JTF-CNO officials recorded 22,144 attacks on military networks; in 2000, 23,662 attempts. They predicted about 24,000 attacks in 2001. But by Nov. 1, they had already tallied 34,398, and expect the year's total to top 40,000, Bryan said.

Many of this year's attempts occurred in the wake of the April 1 collision between a U.S. spy plane and a Chinese fighter. Many others were the result of wider distribution of hacker software on the Internet.

"More people are playing with them," Bryan said.

Network attacks stopped after the Sept. 11 terrorist attacks, but are now surging back to normal levels. "My guess is people did not want to try to hack our systems during that time because of their patriotism," Bryan said.
"Plus, it's no longer fun to hack Pentagon computer systems. We've gotten a lot better." About 1 percent of the network attacks successfully penetrate military computer networks and gain access to military information, he said.

The task force's increased vigilance is paying off, said the leader of an NSA group that attacks the U.S. military's own computers, hoping to spot system weaknesses before enemies do.

"Their defenses are getting better," Navy Capt. Nick Harris, who runs NSA's Red Team, told Defense News Nov. 7. Harris is chief of the Operations, Readiness and Assessments group in the Defense Information Operations division of NSA's Information Assurance directorate.

Located at Fort Meade, Md., near Baltimore, NSA is best known for intercepting and analyzing satellite, telephone and radio communications. But the $4 billion U.S. intelligence agency, with a workforce of 25,000, also protects the U.S. government's information systems.

Much improvement was needed, according to an April 2001 Defense Science Board report that said the Red Team penetrated the U.S. military's information systems 99 percent of the time. Harris downplayed the significance of that number, explaining it is his job to provide a threat to JTF-CNO.

In addition to the Active Network Defense initiative, NSA is working on a new system called the Incident Response and Coordination Network to help government and civilian organizations handle network attacks more quickly.

The agency also is compiling information and types and tendencies of network attacks into a new National Security Incident Database, Harris said at the TechNet Asia-Pacific 2001 conference, held by the Hawaii Aloha chapter of the Armed Forces Communications and Electronics Association here.

The task force has 40 employees and a budget of $3 million. In 2002 and 2003, the task force's budget will increase to $10 million and $18 million - still too little, said a former White House adviser on critical infrastructure.
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:59 PST