Pentagon says attack on blood data banks 'simulated'

A Defense Department "Red Team,'' not real hackers, mounted a "simulated attack" last year on DOD medical databases containing blood type information, according to a Pentagon spokeswoman.

Earlier this month Art Money, the Pentagon senior civilian official awaiting nomination and confirmation as assistant secretary of Defense for command, control, communications and intelligence, said databases in unspecified DOD hospitals had been "hacked into'' and "blood types changed.''

But a Pentagon spokeswoman today clarified Money's remarks, saying that this activity occurred during an exercise designed to "demonstrate potential impacts...if personnel records, such as medical records with information on blood types of military members, were the subject of hacker attacks. No records were electronically altered'' during the exercise, the spokeswoman said in a statement furnished to FCW.

FCW has learned that last year a Red Team from the Joint Command and Control Warfighting Center in San Antonio wrote a scenario to hack into DOD's central computer to see if the team could manipulate DOD's blood databases stressed by simulated wartime conditions. The DOD Blood Program Office informed the center that there was a central computer and that each hospital operated a secure, stand-alone system inaccessible from the Internet.

The Red Team, FCW was told, attempted to hack into an incomplete demonstration model of DOD's Defense Blood Standard System v3.0, which had been placed on a Web site so that DOD users could look at how the new system was going to function and how it was presented. Personnel familiar with the DOD blood bank data systems said that because the system had all of its firewalls down, it was easy for the Red Team to get into this demonstration system but that actual blood bank systems are not connected to the Internet and are "virtually impossible'' to hack into.

The Pentagon spokeswoman said DOD still needs to "take seriously, however, the conceivable possibility of an adversary trying to disrupt personnel support systems such as those for finance, medical [and] logistics." That is why, she said, the simulated attack on blood data banks was part of the information war exercise conducted last year.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.