DOD's Net retreat unwise
It is only natural that when under attack, our initial response is to retreat, pull back into our shells and isolate ourselves from the outside world. While highly instinctive, this reaction is not always the best course of action.
Such is the case with the suggestion by some Defense Department leaders to disconnect the department from the Internet. No one disputes the seriousness of the unrelenting cyberattacks that are slamming DOD's unclassified networks - more than 250,000 a year by conservative estimates. Attackers range from thrill-seeking teenagers to state-sponsored terrorists who travel across the Internet to reach into DOD databases. This barrage gives a whole new meaning to the term "shell shocked."
But the suggestion made this month by Army Lt. Gen. William Campbell to move large portions of the ".mil" domain to a protected intranet is not the answer. We do not question Campbell's intention: to defend the United States and its citizens at any cost. But DOD already sends its most sensitive information across a protected intranet called the Secret Internet Protocol Router Network, which no known cyberterrorist has managed to infiltrate. DOD also has taken prudent steps to further strengthen security, such as Defense Secretary William Cohen's order late last year to remove all sensitive information, including officers' addresses and telephone numbers, from DOD's 1,000-plus World Wide Web sites.
We agree with Defense deputy secretary John Hamre that DOD is "far too connected" to simply unplug. Besides the cost involved, a whole host of other problems could be introduced in moving wholly to an intranet. Also, such a move would do nothing to combat what security experts claim is by far the No. 1 security threat: an agency's own employees.
What is needed is a continued effort to monitor the information in unclassified networks, including Web sites, and investment in reliable high-tech security measures. In addition, those in charge of Web sites and electronic commerce networks must become security experts themselves. Security can no longer be an afterthought to system development or information technology policy; it must become as much a part of the IT process as plugging in a desktop.
In short, security must become as integral a part of the DOD culture as the Internet. Ultimately, as has been pointed out by one Marine official, the benefit of using the Internet far outweighs the associated risks.