Computer and e-mail systems are off-line at the Naval War College following a network intrusion Nov. 15. After the attack, the Defense Department raised its information warfare awareness level to Information Condition (Infocon) 4.
Navy officials declined to comment on the source of the attack. “The nature and extent of the intrusion are operational issues and I can’t discuss them further,” said Cmdr. Doug Gabos, spokesman for Navy Cyber Defense Operations Command, which ordered the shutdown. The college’s site remains down pending an investigation.
The attack was an isolated incident and has not affected other parts of DOD, Gabos said. Meanwhile, the college’s systems have been removed from DOD’s Global Information Grid so that investigators can examine the extent of the intrusion and upgrade firewalls and other security measures, he said.
The Joint Task Force for Global Network Operations, under the U.S. Strategic Command, issued a directive Nov. 17 to raise the DOD-wide alert level from Infocon 5 to Infocon 4, but that was not linked to the incident at the college, according to JTF-GNO.
“We do these things periodically,” said Tim Madden, JTF-GNO spokesman. Several factors contributed to the change, he said. There is no way to tell when the alert level might be lowered.
According to a news report, Chinese hackers are responsible for the attack. One professor told his class Nov. 27 that they took down the entire college network, the report states.
Typically, investigators can identify network attacks through electronic signatures left behind, said Alan Paller, director of research at the SANS Institute. In this case, DOD might be able to match the attackers to previous Chinese intrusions, such as the Titan Rain series of attacks from Guangdong, which started in 2003 and may still be ongoing.
There is no official confirmation that the attacks on the college networks came from China.
The college will probably have to replace all the computers affected by the attack, Paller said. “That’s the only confidence-building measure step you can take,” he said. “When very professional people get through your defenses, their ability to hide is much greater than your ability to find them.”
The Commerce Department’s Bureau of Industry and Security replaced hundreds of computers after recent network attacks. The bureau is responsible for deciding which technologies should be available for export to countries such as China.
Chinese attacks on DOD systems are far more widespread than is publicly known, Paller said, but almost all attacks remain classified. “The problem is thousands of times bigger than what you hear,” he said.
The college educates more than 500 senior officers from DOD and 150 visiting military officers from various allied and partner countries.
The college also includes the Naval Strategic Studies Group, which is tasked with developing strategies for cyberwarfare. Its Web site is also down.
The college is a prime target because of the nature of the subject matter taught there, Paller said. “This is the place where they teach tactics and tactics are the most closely held secret that our country has,” he said.
