Department of Defense could be vulnerable to hackers

Hearing a major network has been hacked is never a good thing. Hearing the Department of Defense has had their network compromised is slightly worse still. Hearing it happened because of foreign spies would be the worst possibility of all. According to security experts the possibility is right around the corner, and the DoD aren't prepared for it.

The experts spoke before the snappily-titled Senate Armed Services Subcommittee on Emerging Threats and Capabilities, as CIO reports. One argument raised by committee expert James Peery is as follows:

“We’ve got the wrong model here. …  I think we’ve got this model for cyber that says, ‘We’re going to develop a system where we’re not attacked.’ I think we have to go to a model where we assume that the adversary is in our networks. It’s on our machines, and we’ve got to operate anyway. We have to protect the data anyway."

The belief is that, for all the money dumped into protecting the network and information it contains, security is not vastly improved. This is entirely feasible; after all, even the best security system in the world is only as strong as the people in charge of it. DARPA's Acting Director argued in another direction: the Department of Defense has simply layered security onto an existing architecture which is inadequate for fighting against new threats, hoping simply that threats are already known before they strike.

He warned also, that the DoD is limited in its capabilities for offensive actions online, much like in defensive actions. With many of the dire warnings came a request for more funding, so there's a good capacity for hyperbole and generous expansions of the truth. Research and Development director of the NSA Michael Wertheimer believes the government funding for 2013 will be sufficient as long as it is spent wisely. Of course, he's able to say this quite easily. The NSA happens to be one of the agencies with top-secret funding.

The possibility of the Department of Defense being made to look like fools is one which almost definitely has hacktivists with ideologies to share salivating. Not many chances appear to make complete fools out of the United States government and its agencies, and those which are taken would be dealt with harshly (such Gary McKinnon's UFO hunt), but those prepared to take action will likely receive the infamy they seek.

Report a problem with article
Previous Story

Microsoft's Lifebrowser is its version of Facebook's Timeline

Next Story

Rumor: New Windows 8 build screenshot shows new SKU?

24 Comments

Commenting is disabled on this article.

I wonder who came out with the great idea to tell the public "According to security experts the possibility is right around the corner, and the DoD aren't prepared for it." which includes the whole freakin' world, including spies.

Well, duh! Of course they're vulnerable to hackers. The only measure of how vulnerable one is is exactly how badly hackers want to get in.

Lets think outside the box. I think the government has more than enough security to prevent hacking. I believe information like the above "leak" on purpose. What better way to bring the hackers from all countries out from hiding? I also believe the governement would feed "fake" data on purpose to get the gears going in the wrong direction.

recursive said,
I still fail to comprehend why all sensitive information is on a network accessible from the internet.

there is no need for them to be connected to the public net. there is more than enough equipment to provide secure access and encrypt data stored on external devices and laptops. but they decide not to use them. when the brown smelly stuff eventualy hits the fan
may they will decide to secure things. same thing could be said about the UK security force.

but maby the us security services leave there networks vunerable for a reason, so they can extrdiate any one who uses simple scripts to get in to them.

recursive said,
I still fail to comprehend why all sensitive information is on a network accessible from the internet.

could say the same thing about our powerplants, waterplants, etc.

Anthonyd said,
TL;DR, they are running Windows XP, like most (big) companies.

Source?

Actually I thought they ran using a variant of open-source software...

Raa said,

Source?

Actually I thought they ran using a variant of open-source software...

Only thing approved by the NSA for DoD use is Windows XP, Vista just gained approval, and a version of AIX / Unix

neufuse said,

Only thing approved by the NSA for DoD use is Windows XP, Vista just gained approval, and a version of AIX / Unix

Windows 7 is what their switching to.

Anthonyd said,
TL;DR, they are running Windows XP, like most (big) companies.

They're not. The NSA for example is not and in fact any system that can be certified to handle CONFIDENTIAL, SECRET or TOP SECRET by definition cannot be internet accessible.

Thus why the article is hyperbole and ****; obviously things of value can still be internet connected by necessity such as department of state etc and certain public facing elements of the military or people who need public facing e-mail. The point remains however that nothing of value is (where value is defined as potential for loss of human life, capability or any other caveat under the national security classifications C/S/TS).

Anthonyd said,
TL;DR, they are running Windows XP, like most (big) companies.

where you guys get that crap http://nvd.nist.gov/fdcc/index.cfm Vista, Windows 7 and even OSX all have FDCC variants and are widely used Most of the Army is on Windows Vista already and are migrating to FDCC compliant version of Windows 7 on the workstation side and Server 2008 R2 unified gold master on the server side

http://usgcb.nist.gov/usgcb/microsoft_content.html
The United States Government Configuration Baseline (USGCB) - Microsoft Content