Cyberattacks leave feds chasing 'vapor'

Top administration officials last week warned that the United States lacks the capability to quickly identify the nature and scope of a continuing series of cyberattacks against both federal and private systems that support the country's telecommunications, financial and energy critical infrastructures.

During a series of congressional hearings and in speeches last week, federal security and information technology officials made it clear that they anticipate a powerful ''Achilles' heel'' cyberattack that could cripple the nation's vital systems because the government lacks the ability to defend against such an attack.

John Hamre, deputy secretary of Defense, told the House National Security Committee that such a paralyzing cyberattack against critical infrastructures is inevitable. "There will be an electronic attack sometime in our future," he said. "Should an attack come, it will likely not be aimed at just military targets but at civilian [targets] as well." Administration officials also reported that the attacks continue unabated.

Art Money, who is slated to take over as assistant secretary of Defense for command, control, communications and intelligence later this year, said in a speech at a conference in Washington, D.C., last week that DOD "averages 60 intrusions a week" into its computer systems. An official of the FBI's new National Infrastructure Protection Center (NIPC) said the office is investigating a "half dozen" incidents, describing them as ''substantial.''

But security agencies said the process of chasing down and identifying attackers is frustrating, as in the case of the highly publicized series of hacks against DOD computers last February. The FBI and numerous DOD agencies worked together to track down the hackers, but the agencies could not "identify [until] the following week" the source and type of attack, Ellie Padgett, deputy chief of the National Security Agency, told the Senate Judiciary Committee's Subcommittee on Technology, Terrorism and Government Information.

Padgett said it would still take the agency a "matter of days" to determine if an attack was strategic or just a teenage prank.

Michael Vatis, director of NIPC, told the committee, "In most cyberattacks, it's impossible to know the identity of the penetrator," be it teenage hackers, criminals or a strategic attack by a hostile nation. Vatis, in an interview, likened chasing down hackers to "tracking vapor."

Barry Collin, a senior researcher with the Institute for Security and Intelligence, said it will become increasingly difficult to identify strategic attacks because a nation that is sophisticated enough to mount a cyberwar against the United States also will have the sophistication to disguise that effort as a hacker attack mounted by teenagers. "They can make it appear as if it is a game instead of a real attack," he said.

A "Predatory Phase"

Also frustrating security experts is the possibility that attacks will be carried out in quick hits over a long period of time, Hamre said. "The predatory phase could take place over several years, making it hard to collate curious, seemingly unrelated events into a coherent picture," he said. These long-term attacks "could take place over multiple jurisdictions— [for example] power grids or air traffic control nodes in various states. Our knowledge of the origin of such attacks and their sponsorship is likely to be imprecise."

Hamre also presented classified testimony to a joint closed hearing of the House National Security Committee's Military Procurement and the Military Research and Development subcommittees. Hamre may have presented more detailed evidence of computer vulnerabilities, based on remarks by Rep. Curt Weldon (R.-Pa.), chairman of the Military Research and Development Subcommittee, who called Hamre's classified testimony "the most provocative briefing" he had ever received during his 12 years in Congress.

The Clinton administration hopes to protect the critical infrastructures with recently formed security organizations, including the National Infrastructure Assurance Plan, the NSA Network Incident Analysis Cell and the Critical Infrastructure Assurance Office in the Commerce Department. CIAO will spearhead multiple-agency efforts to develop better policies, processes, procedures and systems to detect and deter attacks.

The administration also plans to heavily involve the private sector— banks, power companies and railroad companies— in "public/private partnerships'' to protect the infrastructure.

Members of Congress on both sides of the Hill praised the administration's initial efforts, but they also expressed some skepticism about the approach. Sen. Diane Feinstein (D-Calif.) said she "wondered if the nexus between the public and private sectors will work."

Rep. Herbert Bateman (R-Va.) said he is "deeply skeptical" about placing the CIAO in Commerce rather than in DOD.

Bateman said Commerce's willingness to allow the exportation of critical satellite and rocketry information to the Chinese left him "unconvinced" that Commerce had the same "sensitivity" as the Pentagon has to the requirements of national security.


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected