The big headline in today's Los Angles Times reads "Cyber-attack on Defense Department computers raises concerns" Raises concerns? Are you kidding me? I've been saying this for a while, the current US Network Centric defenses are in a complete state of disarray and everyone outside of the U.S. knows it. Saying it's a concern is putting it mildly.
In the LA Times article they had this to say about the current attack "Senior military leaders took the exceptional step of briefing President Bush this week on a severe and widespread electronic attack on Defense Department computers that may have originated in Russia -- an incursion that posed unusual concern among commanders and raised potential implications for national security."
This should not come as a surprise to anyone involved in Network Centric Operations / Warfare. Since 9/11 the the US Defense Information Systems Agency (DISA) has spent billions on various intelligence schemes, but has completely failed in the area's of proactive network defense. (As a side note, DISA is a combat support agency responsible for planning, engineering, acquiring, fielding, and supporting global net-centric solutions to serve the needs of the President, Vice President, the Secretary of Defense, and other DoD Components, under all conditions of peace and war.)
At DISA there seems to be a fixation on data mining communications networks in the vain attempt to find terrorists using the US phone system or un-encrypted websites. The real issue is a complete lack of DoD network interoperability for joint, interagency, and multi-national network operations. One major step is through the adoption of open standards and common processes. In the mean time, countries such as China and Russia in particular, have built massive citizen botnets. In an instant, Russia can turn on a hundred thousand slave PC's and bring down the entire networks of Georgia, Ukraine or some other unsuspecting country before the US or other allies even know what's happening. (Look at Georgia this summer)
This current attack on the DoD is a relatively minor diversion in comparison to what a full out, planned network centric attack could actually do. Think about the potential fall out if the US electrical grid, cell / phone network and financial infrastructure was to be attacked in unison and taken offline all at once. Combine that with if it were to happen during the midst of an actual "crisis" such as what we're currently seeing in India this week. The turmoil would be unprecedented.
DISA isn't alone in this new age of cyber warfare. Earlier this year the World Bank revealed a significant intrusion with in the banks highly restricted treasury network. In the attack it was revealed that the banks core systems had been deeply penetrated with "spy software", and that the invaders also had full access to the rest of the bank's network for nearly a month in June and July of 2007. At least six major breaches have been detected at the World Bank since the summer of 2007, with the most recent breach occurring just last month. What is worse, this has been "common knowledge" in the black hat security scene for more then 6 months before it was disclosed to the public.
In fairness to the World Bank and the US DoD, they are not alone, every single G7/G8 government has suffered similar breaches over the last couple years. What's scary is the fact that most of these countries have not disclosed these breaches publicly. Lately most of these countries seem to be pre-occupied with the current financial crisis while a far more dangerous crisis sits in waiting. As conspiracy theorist, I can't help but think the two might be somewhat connected. Traditional terrorism doesn't work, in the new world order it's those who control the network who hold the power.
Recently I've been invited to speak at the Network Centric Operations Industry Consortium (NCOIC ) on the topic of network centric operations and interoperability. Unfortunately because of my wife being in her 9th month of pregnancy, I will miss the next event on Dec 11th.
I think NCOIC mission sums up the challenges nicely: "The deciding factor in any military conflict is not the weaponry, it is the network. The missing link in today's disaster recovery efforts is a working network. And the key to emergency response is accurate information that enables first-responders to know what happened, who's responded, and what is still required. From the warrior to emergency personnel to the modern day consumer, access to all information, without regard to hardware, software, or location of the user, is no longer attractive, it is imperative."
