A document released recently showed that the concerns and responses of Pentagon as regards to internet security threats have not undergone any major changes over the last ten years. The report was obtained by War Is Boring through Freedom of Information Act. Experts are of the opinion that Pentagon’s current status as regards to internet security is both good and bad. In the meantime, American legislators are debating the future of the top internet security headquarters of the military.
It was in 2006 that the Pentagon carried out a mock professional attack across the computer networks of the military to determine as to how the troops belonging to different units communicated in the event of an internet security breach by enemy agents.
Internet security expert, Samuel Visner, reportedly told War Is Boring through an email that the exercise conducted by Pentagon was pretty forward-looking. Visner, who works with ICF International as senior vice president, also said that the exercise was helpful in characterizing the threats to Pentagon’s networks.
As part of the exercise, Red Team, the mock enemy, attacked more than 24 command centers of the Army and Navy, Air Force and Marines across the country. The attackers tried to damage, harass and break into computer systems using the entire hacking tools at their disposal. They hijacked printers, stole passwords and slowed down or entirely shut down networks.
The attackers were able to break into the Air Force headquarters computer networks that monitored the Pacific and European operations. They were also able to gain control of, or turn off, computer networks in as many as eight other locations. In another internet security breach, the Red Team used a phishing attack to access critical information at nine bases in America and Turkey.
The Pentagon drew $290,000 from the Combatant Commanders’ Initiative Fund, an account meant for meeting unforeseen contingencies, to conduct the exercise. Though the results were worrying, the U.S. Strategic Command commended the exercise as it provided information about which security procedures worked and which did not. In many situations, quick responses and physical protections prevented attacks from causing any real damage.
The report pointed out that many defenders focused on reestablishing service at the cost of defense though they came to know of the attacks in a matter of minutes. Visner noted that there was no focus on resilience when the attack was defended, and systems were recovered. Further, the private computers of defense contractors that provide critical services or manage vital programs were not included.
However, nothing much seems to have changed during the years up to 2016. This is because the many of the concerns that the Pentagon has in 2016 were there in 2006, according to the after-action report, as revealed by Dr. Jeffrey Richelson, who is in charge of the Cyber Vault Project of the National Security Archive. The Pentagon has shown a great deal of consistency as regards to internet security, but its effectiveness is being debated in Washington.
For over three years, members of the Congress have been accusing China as well as other countries of hacking the computer networks of the military and defense contractors. Legislators have even criticized the Pentagon for not doing more to stop intrusions.
According to experts, the problem is not Pentagon’s focus on defending networks and improving defenses have been their long-standing goal. The real issue is the implementation of the policy. The Pentagon established a central Cyber Command in 2009 for fixing the lingering issues. However, the problems spotted in 2006 have not been solved even after seven years.
Robert Lee, ex-cyber warfare officer Air Force, said that the thought process related to solving battlefield problems do not work well when it comes to internet security issues. This is because the tools to be used are constantly changing even though the central problem, defending networks, remains the same. According to him, the Pentagon is focusing more on malware.
While the hackers are upgrading their technology and devising new ways of hacking computers, a report from the Government Accountability Office in May 2016 showed that the Air Force is continuing to use 40-year-old computers with eight-inch floppy disk drives for managing some operations of its nuclear mission.
Though the services have independently tried to implement policies on their own, the cyber-troops are not sufficiently trained to handle exigencies. Therefore, Lee recommends a unified training regimen for standardizing military’s cyberwar tactics. Lee also recommends turning Cyber Command, currently a constituent of Strategic Command, into an independent headquarters. This proposal of Lee has the backing of Michael Rogers, NSA chief Admiral, and Ashton Carter, Secretary of Defense.
All said and done; Congress has to outline policies related to internet security to fix Pentagon’s cyber-problems. Richelson is of the opinion that the core cyberwar objectives of Pentagon are not likely to undergo any change in the recent future. Further, specific tools and tactics might also evolve, but troops might still be striving to tackle same network threats ten years from now.