Amid growing concern about hacker infiltrations into military computers, the top commander for the Department of Defense network operations has ordered a crackdown on security.
Lt. General Charles Croom, commander of the Joint Task Force on Global Network Operations and director of the Defense Information Systems Agency (DISA), last week said a sweep is underway of all Defense Department networks to uncover security holes amid a get-tough policy.
“The attacks are coming from everywhere and they’re getting better,” said Croom in his keynote address at the Department of Defense Cyber Crime Conference here last week. “They’re exploiting weaknesses in our detection tools.”
The discovery of a botnet last November inside Defense Department networks — Jeanson James Ancheta, 20, was arrested by the FBI for allegedly implanting and running the remotely controlled spyware inside the department and elsewhere — contributed to the decision to clamp down on security.
“It started on Nov. 5th with an information assurance stand-down day,” Croom told the roughly 500 conference attendees. The military stand-down — a cessation of regular activities in order to probe security problems — is ongoing as DISA attempts to verify the tens of thousands of user accounts for Army, Navy and Air Force personnel.
So far, the results are troubling.
“Almost 20% of our accounts are unauthorized or had expired,” Croom said, noting that military personnel tend to move every two or three years and accounts are sometimes left open. The exact tally of improper accounts won’t be known until March, he said.
In addition, the military is increasingly fending off targeted phishing attempts in which attackers try to spoof victims into giving up passwords.
Back doors left open by not properly shutting down network circuits also are of concern to Croom, who has held the top job in Defense Department network operations since July when he succeeded Lt. Gen. Harry Raduege. Croom said the paperwork for circuits must be in order or the circuit will be shut down.
“Last week we closed down four circuits to users,” Croom said, though not identifying the exact locations. “Now I get an e-mail saying the paperwork will be in today.” This get-tough approach is needed to put teeth into already-existing policy.
The biggest changes to come may be in the next six months as the JTF-GNO, the organization set up to centralize decisions about security and operations in the Army, Navy, Air Force and Marines, evaluates a possible redesign of its two primary global IP-based military networks.
The NIPRNet (Non-Secure Internet Protocol Router Network) is used for unclassified communications while the SIPRNet (Secret IP Router Network) is used for classified communications. “DISA wants to redesign these networks with security as the up-front criteria,” Croom said.
The decades-old NIPRNet is a non-homogeneous combination of more than 1,500 networks, said Gen. Croom, adding that he originally helped wire some of it by hand himself. The SIPRNet has better security at its perimeter, but could benefit from internal partitioning, he said.