Saturday, March 15, 2008

General Lays Out Challenges of Defending Cyberspace

By Jim Garamone
American Forces Press Service

March 14, 2008 - Air Force Minuteman and Navy Trident missiles stand outside the headquarters of U.S. Strategic Command here as reminders of the command's mission of strategic deterrence and nuclear operations. But walking past the missiles are servicemembers using cell phones and other wireless devices. And that, too, represents a mission of the command: cyberspace operations.

Air Force Gen. Kevin P. Chilton, commander of U.S. Strategic Command, said defense networks see more than a million suspicious "hits" a day.

"These are pings where someone is coming in and trying to open something or access information from someone within our military networks," Chilton said during an interview March 11. "This could be everything from some curious citizens, to people who maybe are trying to hack for sport, to people who are trying to collect information."

He said what concerns the command is what some people call data mining. This is where analysts use computers to sift through enormous quantities of data to glean information. It is the new form of espionage.

"The way I think of it is various organizations are coming in and doing espionage work," the general said. "You can imagine the downloading of files from personnel agencies or other branches of government."

In the past, to get that information "you would hire someone to break in with a flashlight in their teeth and go through the drawer and photograph the files," Chilton said. Now, all this information is stored on discs or on computers. Spies don't have to leave a computer terminal in their own countries to try to get this information.

China has written openly of cyber warfare, and U.S. officials write in the current "Military Power of the People's Republic of China" assessment that Chinese officials see cyber warfare as an asymmetric brand of warfare.

"China's current thinking on asymmetric warfare is encapsulated by a military theory termed 'non-contact,' which seeks to attain a political goal by looking for auxiliary means beyond military boundaries or limits," the publication says. "Examples include: cyber warfare against civilian and military networks – especially against communications and logistics nodes; fifth column attacks, including sabotage and subversion, attacks on financial infrastructure; and, information operations."

There have been a number of "intrusions" against DoD computers from China, but the United States has not attributed these to any country. "The thing about China that gives us pause is they have written openly about their emphasis in particular areas: space, cyber," Chilton said.

In the cyber world it is tough to figure out who is attacking. In April 2007, Estonia came under cyber attack. The denial-of-service attack targeted the government, banks, newspapers and other computer-dependent businesses. Estonian officials immediately charged Russia with initiating the attacks, but to date, a computer hacker in Estonia has been the only person charged in the attack.

"The kind of attack that you would worry about is the kinds of things we saw in Estonia last year -- a denial-of-service attack, where they flood the system with so many e-mail 'botnets' you don't shut the system down, but you slow it down to the point that it's unusable," the general said.

STRATCOM and the rest of the military are more aware than ever of intrusions of their networks, reporting on them and taking actions.

"A big step forward for us was unity of effort," the general said. Joint Task Force Global Network Operations is part of the command tasked with defending the military and classified systems. The task force put in place guidelines and restrictions for the way the services operate in the cyber world. This includes security measures, firewalls and what people shouldn't be doing, the general said.

"We have a lot of work in front of us in training people in our military, because defense of the network goes from high-end technical solutions to the very low-end, which is making sure the very newest and youngest person on the network understands that their actions can create vulnerability that is significant and teach them what to watch out for and what they should and shouldn't do," Chilton said.

All computer defenders must be worried about the whole range of attacks or intrusions, Chilton said.

"You have to be worried about it all -- I mean, we can have a bored 16-year-old do damage to our networks," he noted. "It's not just a nation-state that you worry about. It can be from any organization like al Qaeda."
