Pentagon says attack on blood data banks 'simulated'
- By Bob Brewin
- Sep 21, 1998
A Defense Department "Red Team,'' not real hackers, mounted a "simulated attack" last year on DOD medical databases containing blood type information, according to a Pentagon spokeswoman.
Earlier this month Art Money, the Pentagon senior civilian official awaiting nomination and confirmation as assistant secretary of Defense for command, control, communications and intelligence, said databases in unspecified DOD hospitals had been "hacked into'' and "blood types changed.''
But a Pentagon spokeswoman today clarified Money's remarks, saying that this activity occurred during an exercise designed to "demonstrate potential impacts...if personnel records, such as medical records with information on blood types of military members, were the subject of hacker attacks. No records were electronically altered'' during the exercise, the spokeswoman said in a statement furnished to FCW.
FCW has learned that last year a Red Team from the Joint Command and Control Warfighting Center in San Antonio wrote a scenario to hack into DOD's central computer to see if the team could manipulate DOD's blood databases stressed by simulated wartime conditions. The DOD Blood Program Office informed the center that there was a central computer and that each hospital operated a secure, stand-alone system inaccessible from the Internet.
The Red Team, FCW was told, attempted to hack into an incomplete demonstration model of DOD's Defense Blood Standard System v3.0, which had been placed on a Web site so that DOD users could look at how the new system was going to function and how it was presented. Personnel familiar with the DOD blood bank data systems said that because the system had all of its firewalls down, it was easy for the Red Team to get into this demonstration system but that actual blood bank systems are not connected to the Internet and are "virtually impossible'' to hack into.
The Pentagon spokeswoman said DOD still needs to "take seriously, however, the conceivable possibility of an adversary trying to disrupt personnel support systems such as those for finance, medical [and] logistics." That is why, she said, the simulated attack on blood data banks was part of the information war exercise conducted last year.