[iwar] [fc:DoD.Deploys.Cyber-Defense]

From: Fred Cohen (fc@all.net)
Date: 2001-11-25 21:05:35



DoD Deploys Cyber-Defense

By Frank Tiboni, Defense News, 11/16/2001
No URL available.

Faced with a near doubling of attacks on military computers in the past
year, the guardian of the U.S. military's information systems has asked
Pentagon leaders for permission to strike back.

"We are no longer going to be passive. If they hit us, we'll be hitting
them back real soon," U.S. Army Maj. Gen. Dave Bryan, commander, Joint
Task Force-Computer Network Operations (JTF-CNO), Washington, told
Defense News Nov. 7.

A new, classified technology would allow the task force to retaliate,
Bryan said, although he refused to provide any details.

The task force currently uses conventional defense tactics to prevent
access to Pentagon systems: firewalls, sensors and computer experts to
look for suspicious behavior on networks. But working with the National
Security Agency (NSA), the task force wants to deploy a new set of more
potent responses to protect the U.S. military's data, voice and video
systems.

Called Active Network Defense, it would track down hackers with
techniques that trace the origin of the attacks. Mobile agents would
scour the routers that link computer networks. Survey probes would scan
the data that passes through a network for clues about ongoing or
attempted intrusions. Beaconing and tagging programs detect suspicious
activity in data packets and trace their origin.

Task force officials have also asked their bosses at U.S. Space Command,
which is responsible for the protection of U.S. military information
systems, for the authority to respond immediately to network attacks,
Bryan said.

JTF-CNO's request to deploy an active network defense is significant
because it crosses both technological and legal boundaries, Dan Kuehl,
professor, information warfare, National Defense University, told
Defense News Nov. 9.

Police and federal law enforcement have typically handled computer
attacks, Kuehl said. JTF-CNO's use of active defense technologies could
be construed as more of a law enforcement than a network-defense
capability, he said.

"I have no doubt that the Pentagon is discussing the legal ramifications
of such a move," Kuehl said.

He said the idea of deploying an active network defense does not come as
a surprise after the Sept. 11 terrorist attacks because Congress has
given more power to the Defense and Justice departments for intelligence
and law enforcement matters. Kuehl said the use of active network
defense technologies could also serve as a deterrent because hackers do
not want to be traced.

Currently, a long chain of command extends from Bryan to U.S. Space
Command, Peterson Air Force Base, Colo., to the Office of the Secretary
of Defense, up to the National Security Council in the White House and
back.

Bryan would not discuss how quickly he can get permission to
counterattack, saying that information is classified. He said he does
not know whether or when U.S. Space Command might grant his wish, nor
how much it will cost.

Network attacks, such as the worldwide outbreak of the Code Red and
NIMDA computer virus worms this summer, have become more sophisticated.
The task force detected a command-and-control capability in the worms,
which let the virus find vulnerabilities in information networks, create
backdoors to them and replicate rapidly, Bryan said.

"We have a hacker threat," he said.

Network Attacks Skyrocket

In 1999, JTF-CNO officials recorded 22,144 attacks on military networks;
in 2000, 23,662 attempts. They predicted about 24,000 attacks in 2001.
But by Nov. 1, they had already tallied 34,398, and expect the year's
total to top 40,000, Bryan said.

Many of this year's attempts occurred in the wake of the April 1
collision between a U.S. spy plane and a Chinese fighter. Many others
were the result of wider distribution of hacker software on the
Internet.

"More people are playing with them," Bryan said.

Network attacks stopped after the Sept. 11 terrorist attacks, but are
now surging back to normal levels.

"My guess is people did not want to try to hack our systems during that
time because of their patriotism," Bryan said. "Plus, it's no longer fun
to hack Pentagon computer systems. We've gotten a lot better."

About 1 percent of the network attacks successfully penetrate military
computer networks and gain access to military information, he said. The
task force's increased vigilance is paying off, said the leader of an
NSA group that attacks the U.S. military's own computers, hoping to spot
system weaknesses before enemies do.

"Their defenses are getting better," Navy Capt. Nick Harris, who runs
NSA's Red Team, told Defense News Nov. 7. Harris is chief of the
Operations, Readiness and Assessments group in the Defense Information
Operations division of NSA's Information Assurance directorate.

Located at Fort Meade, Md., near Baltimore, NSA is best known for
intercepting and analyzing satellite, telephone and radio
communications. But the $4 billion U.S. intelligence agency, with a
workforce of 25,000, also protects the U.S. government's information
systems.

Much improvement was needed, according to an April 2001 Defense Science
Board report that said the Red Team penetrated the U.S. military's
information systems 99 percent of the time.

Harris downplayed the significance of that number, explaining it is his
job to provide a threat to JTF-CNO.

In addition to the Active Network Defense initiative, NSA is working on
a new system called the Incident Response and Coordination Network to
help government and civilian organizations handle network attacks more
quickly.

The agency also is compiling information and types and tendencies of
network attacks into a new National Security Incident Database, Harris
said at the TechNet Asia-Pacific 2001 conference, held by the Hawaii
Aloha chapter of the Armed Forces Communications and Electronics
Association here.

The task force has 40 employees and a budget of $3 million. In 2002 and
2003, the task force's budget will increase to $10 million and $18
million - still too little, said a former White House adviser on
critical infrastructure.
