Crossroads Blog | Institute National Security and Counterterrorism

Current Affairs, Cyber Exploitation, deterrence, regulation

Expert: Pentagon Cybersecurity Changes “very basic, very late”

CNN reports, in an article by Ashley Fantz dated December 2, 2010, that following the summer release of thousands of pages of classified U.S. intelligence by the website WikiLeaks.org, the Pentagon responded with a pledge to "fix loopholes in its computer systems."  Several months later, progress is "'ridiculous.'"  

According to Pentagon spokesman Bryan Whitman, only "[s]ixty percent of the Defense Department's computer system is now equipped with software capable of 'monitoring unusual data access or usage.'"  Whitman gave that statement via email only "hours before WikiLeaks published diplomatic cables that revealed a spiderweb of secrets covering nearly every crisis, controversy and diplomatic headache involving the U.S."

"'Only [sixty] percent?  That's ridiculous.  You would never hear a corporation saying they have anything less than 90 percent cyber security'" says Hemu Nigam, an expert in computer security with two decades in the field and experience working with the U.S. Secret Service, the FBI and Interpol.  Nigam currently runs SSP Blue, "an advisory firm that tells major corporations how to protect against hackers and insiders looking to leak."

With regard to what measures the Pentagon has taken, Nigam says "[i]t's all very basic, and very late."

Among the procedures currently underway to secure the Pentagon's computer networks are "'disabling all write capability to removable media on DoD classified computers, as a temporary technical solution to mitigate the future risks of personnel moving classified data to unclassified systems.'" In response, Nigam said "[t]his is an easy fix to make — I don't know of any businesses that don't have this kind of wall up to protect sensitive internal information.'"

Speaking on what steps he would recommend, Nigam advise was straightforward.  "'[A]n assessment of how someone penetrated the system, from where, what was taken and who else is still possibly inside doing damage'" would be the starting point.  Additionally, Nigam stated that the "military would be wise to hire more white-hat hackers, if it is having difficulty securing computer networks, or reach out to the private sector."  Interestingly, there is some indication that the military may already be exploring this possibility.  According to PC World, the military "[has] tried to recruit at major hacking conventions."  (FYI: A "white-hat hacker" is someone who is hired to hack in order to expose vulnerabilities).

According to CNN, the Pentagon has known of the threat posed by WikiLeaks for years.  "In 2008, the U.S. Army Counterintelligence Center and the Department of Defense wrote a . . . threat assessment report about WikiLeaks."  Although that report was classified, WikiLeaks obtained a copy and published it in the spring of this year.  

*****

As you may or may not know, even if a classified document has been disclosed, it retains its classification.  Only when officially declassified is a sensitive document available for public release. So I'm not sure if the Counterintelligence Center's report on WikiLeaks has been declassified, but CNN did try to provide a link to the report, and as of this entry that link was not working.

 

The full article can be found above, or here

 

 

 

Leave a Reply

Bitnami