1 March 1999. Thanks to Anonymous.


Defense Week, March 1, 1999. Pg. 1

Hamre To Hill: 'We're In A Cyberwar'

By John Donnelly and Vince Crawley

Military computer systems are under siege by a "coordinated, organized" attack from an unknown source, the focus of an "intense" federal criminal investigation, U.S. officials told House lawmakers in a classified briefing last week. Details of the cyberassault were sketchy at press time. But Rep. Curt Weldon (R-Pa.), in an interview with Defense Week, described the situation in broad, unclassified terms.

A year ago, Deputy Secretary of Defense John Hamre said it's not a matter of if the U.S. suffers an "electronic Pearl Harbor," but when. Last Tuesday, Hamre spent most of the hour-and-15-minute closed session before two House Armed Services Committee panels outlining a single major incident. Weldon quoted Hamre as saying: "'We are at war-right now. We are in a cyberwar.'"

"These are organized, very capable efforts that have very specific goals based upon what we've seen in attacking our systems," Weldon said in the interview.

Weldon's comments indicate the latest attack is in a different class from the approximately 400 probes made each week against military computer networks, about 60 of which are considered "attacks," meaning they suggest a malicious intent.

"This is not the kind of random hacker hits that occur on a regular daily basis on the systems of all the services," Weldon said. "But they are in fact organized attacks. And on one of them they went into some detail with us, and I can't give you the detail of that one .... It's got its own name, the government is in the middle of an intense investigation, but it is a coordinated, organized effort. And it's serious ...

"It is of the highest priority that we solve this problem and protect those information systems, because we don't know in fact who's causing these attacks, whether they are nation-states, rogue groups or individual hackers, as we've seen in the past. We just don't know. And there's a combined effort by the Justice Department, the FBI and DOD in these cases to work together," he said.

'Something going on'

Pentagon spokeswoman Susan Hansen said the department could add nothing to the public record of the open, unclassified House hearing which followed the closed session. In the open hearing, though, Pentagon officials said little about the current wave of cyberattacks. News of the computer warfare comes on the heels of a statement by Pentagon Inspector General Eleanor Hill, who last week told another House panel military program managers aren't taking the threat as seriously as are senior officials. Moreover, the Y2K crisis may be diverting attention from information assurance, Hill also warned.

As for the current onslaught, a Pentagon computer-security official, knowledgeable though not directly involved in this investigation, said on condition of anonymity that common traits have surfaced among recent attacks on Pentagon systems. This fact led authorities to speculate the attacks might have a common source.

"There's something going on .... There is a pattern of attacks," the official said. "Part of the problem is tracking down and finding what is the real source." The official said the need to get court orders sometimes slows down the process of finding the intruders.

'Trusted insider'

The Pentagon has long acknowledged that its computer networks continuously are probed for weaknesses, primarily over the public Internet which, ironically, the military itself helped develop in the 1960s and 1970s. In his statement for the panel last week, Hamre warned about the enemy within.

"We are increasingly concerned about those who have legitimate access to our networks -- the trusted insider," Hamre said.

The Pentagon, he added, is now requiring people "with access to Top Secret or specially controlled access category or compartment [to] make an oral attestation that they will conform to the conditions and responsibilities imposed by that access."

Growing problem

A year ago, Hamre told lawmakers about Solar Sunrise, a series of attacks in February 1998 that targeted DOD network Domain Name Servers, exploiting a known vulnerability in an operating system called Solaris.

"The attacks were widespread, systematic and showed a pattern that indicated they might be the preparation for a coordinated attack on the Defense Information Structure," said Hamre of Solar Sunrise in his unclassified written testimony Tuesday. "The attacks targeted key parts of Defense Networks at a time we were preparing for possible military operations against Iraq."

The Solar Sunrise incident led to the establishment of 24-hour, 7-days-a-week online guard duty at important military computer sites. This increased vigilance has led, in turn, to increased reports of cyberattacks, officials say.

"Since Solar Sunrise, we've deployed a massive amount of intrusion detectors across the network," Arthur Money, senior civilian official for the Office of the Assistant Secretary of Defense (Command, Control, Communications and Intelligence) told the panel.

"We've trained people, put a lot of energy into that," Money said. "Consequently, we know more now which we didn't know before."

An after-action review of Solar Sunrise found "75 percent of that attack could [have been] blunted with well-trained system administrators," Money said. Last week, Money outlined a $100 million project which, over the next year, would "totally secure our connections to the Internet."

Holes in the defense

In addition to these actions, last December the Pentagon activated a Joint Task Force for Computer Network Defense to coordinate the defense of military and other sensitive national networks. "The crown jewels of the information age are the stuff that's in our networks, and we are relentlessly pursued by hackers," Lt. Gen. William Donahue, director of headquarters communications and information for the Air Force, testified Tuesday.

Meanwhile, the Pentagon IG had her own story to tell.

"Audits continue to show lax security measures and inadequate focus by program managers on the threat, despite clear awareness at senior levels of the need for a very high priority of information assurance," Hill told the House Government Reform Subcommittee on National Security, Veterans Affairs and International Relations.

"It is likely that Y2K conversion is temporarily distracting both resources and management attention from security concerns," she added.