DOD: Change Passwords

Concerned that efforts to fix computer systems for the Year 2000 problem may expose its information infrastructure to cyberattacks, the Defense Department has ordered its network managers to change all administrative and user passwords on their unclassified networks.

The order is the result of mandatory guidance issued last month to all of the military services' network security organizations by the Joint Task Force for Computer Network Defense. While a JTF-CND spokesperson could not confirm or deny rumors that the guidance may be the result of a recent breach of computer security, the spokesperson said that the FBI's National Infrastructure Protection Center is currently investigating intrusions into unclassified DOD networks.

"We're trying to start a better process for password protection," the spokesperson said. "We gave [our components and other DOD organizations] several weeks to do this [because] we know it can't be done overnight."

The JTF-CND, which was formed last December, serves as the focal point for DOD to organize the defense of DOD computer networks and systems. When cyberattacks are detected, the JTF-CND is responsible for directing departmentwide defenses to stop or contain damage and restore DOD network functions operations.

The mandatory actions called for by the JTF-CND directive include changing all administrative and user passwords for all unclassified systems and then restarting the operating systems for systems that are connected to the network. The process is known as a "warm boot" and is not a full shutdown of the system, the spokesperson said.

Major commands affected by the guidance and responsible for managing compliance in their respective services include the Air Force Information Warfare Center, the Army's Land Information Warfare Activity, the Defense Information Systems Agency, the Marine Corps' Marine Forces-CND and the Navy Component Task Force-CND.

As a result of the directive, the NCTF-CND issued classified and unclassified messages ordering password changes. However, a spokesman for the Space and Naval Warfare Systems Command, one of the primary recipients of the message, declined to comment because of the sensitivity of the message's content.

In an administrative message issued last week by the NCTF-CND, the Navy offered technical guidance to system administrators on how to deal with the lack of password date-change tracking functionality in Microsoft Corp.'s Windows NT.

As a result, the Navy has made three software tools available over the Internet to help administrators automate the enforcement of password changes.

In May, Art Money, senior civilian official acting as the assistant secretary of Defense for command, control, communications and intelligence, issued a DOD-wide memorandum about the potential threat to DOD networks posed by the Year 2000 computer problem. In that memo, Money cited DOD Administrative Instruction 26, which provides specific guidance on the use of passwords.

A DOD spokesperson said there is "no inherent connection between the May 5 Money memo and the July 23 [JTF-CND] message—other than they are related in the context of the department constantly putting out guidance that requires vigilance over our networks."

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected