Defense Department computer networks are probed and attacked hundreds of time each day. But a recent attack on the civilian Internet is causing DOD officials to re-examine whether the policies under which they fight cyber battles are tying their hands.
“This is an area where technology has outstripped our ability to make policy,” said Air Force Gen. Ronald Keys, Commander of Air Combat Command. “We need to have a debate and figure out how to defend ourselves.”
Unlike in the war on terror, DOD can’t go after cyber attackers who plan or discuss crimes until they act, Keys said. Web sites in other countries are beyond DOD‘s reach, he added. “If they’re not in the United States, you can’t touch 'em.”
Keys said it would probably take a cyber version of the 9/11 attacks to make the U.S. realize that barriers to action in cyberspace should be re-evaluated.
The danger is real, officials say. On Feb 5, an organized group of hackers perpetrated the most powerful set of attacks since 2002. The attacks targeted UltraDNS, the company that runs several servers that manage traffic for domains that end with .org and other extensions, according to several reports.
Although the hackers made efforts to conceal their identity, large amounts of rogue data was traced back to servers in South Korea, the reports stated. The Associated Press wrote that a traffic server operated by the Defense Department was affected.
Affected or not, senior DOD cyber officials have taken notice. They spoke about its defense implications at the Air Warfare Symposium in Orlando, Fla., hosted by the Air Force Association today.
The recent UltraDNS attacks raised several questions for DOD policy makers, Keys said. “How do you react to that attack? How do you trace it back? What are the legalities included? What do you do when you do find them? It’s a huge challenge,” he said.
DOD must consider more aggressive measures, including penetrating enemy networks, infiltrating wi-fi, phishing for passwords, and e-mail deception, Keys said. Cyber attack forces could replace traditional forces in future attack missions, he said.
The current cyber threat is divided into three tiers: hackers, criminals, and nation-states, with increasing levels of resources and investment in cyber capabilities, said U.S. Strategic Commander General James Cartwright, speaking at the conference.
Digg
De.licio.us
Slashdot
Technorati
