Chinese Hackers Prompt DoD InfoCon Increase
The Department of Defense has raised the “InfoCon” from 5 to 4. This means that there are now tighter restrictions on access to DoD systems, forced password changes and strictly enforced access control.
From the Washington Times:
Chinese computer hackers penetrated the Naval War College network earlier this month, forcing security authorities to shut down all e-mail and official computer network work at the Navy’s school for senior officers. Navy officials said the computer attack was detected Nov. 15 and two days later the U.S. Strategic Command raised the security alert level for the Pentagon’s 12,000 computer networks and 5 million computers.
A spokesman for the Navy Cyber Defense Operations Command, located in Norfolk, said “network intrusions” were detected at the Newport, R.I., military school two weeks ago. “The system-network connection was terminated and known affected systems were removed and are being examined for forensic evidence to determine the extent of the intrusion,” said Lt. Cmdr. Doug Gabos, the spokesman.
Adm. Michael Mullen, chief of naval operations, recently directed the war college’s Strategic Studies Group to begin work to develop concepts for waging cyber-warfare, a Navy spokesman said. “The Naval War College is where the Navy’s Strategic Studies Group is planning and practicing cyber-war techniques, and now they don’t even have e-mail access,” one U.S. official said.
U.S. defense officials said intelligence reports indicated that the cyber-attack on the college came from China, which a recent congressional report said has begun a series of computer network attacks against defense and military systems in the United States code-named “Titan Rain.”
The Strategic Command directive stated that the “information condition” was to be raised Nov. 17 from Infocon 5 to Infocon 4, or heightened alert against attack. Alan Paller, a computer security specialist with the private SANS Institute, said the Chinese network attack against the war college is “the tip of the iceberg.” “The depth of the penetration is more than anybody is even admitting,” he said in an interview. “People are trying to hide this because they’re embarrassed.”
With all due respect to Mr. Paller, there is no attempt at a cover-up. Security incidents within the DoD are closely guarded, which is why “people are trying to hide this.”
Part of the operational response to an Infocon increase within the DoD is to take easily accessible systems and enforce strict authentication on them. Take Outlook Web Access, for instance. Normally, OWA requires nothing more than a username and a password. Now, systems that cannot comply with CAC card authentication are forced offline.
This is apparently what happened with the Naval War College. Those generals can whine about not having email access right now, but why were those systems so wildly non-standard compared with the rest of DoD?