DOD: Change Passwords

Concerned that efforts to fix computer systems for the Year 2000 problem may expose its information infrastructure to cyberattacks, the Defense Department has ordered its network managers to change all administrative and user passwords on their unclassified networks.

The order is the result of mandatory guidance issued last month to all of the military services' network security organizations by the Joint Task Force for Computer Network Defense. While a JTF-CND spokesperson could not confirm or deny rumors that the guidance may be the result of a recent breach of computer security, the spokesperson said that the FBI's National Infrastructure Protection Center is currently investigating intrusions into unclassified DOD networks.

"We're trying to start a better process for password protection," the spokesperson said. "We gave [our components and other DOD organizations] several weeks to do this [because] we know it can't be done overnight."

The JTF-CND, which was formed last December, serves as the focal point for DOD to organize the defense of DOD computer networks and systems. When cyberattacks are detected, the JTF-CND is responsible for directing departmentwide defenses to stop or contain damage and restore DOD network functions operations.

The mandatory actions called for by the JTF-CND directive include changing all administrative and user passwords for all unclassified systems and then restarting the operating systems for systems that are connected to the network. The process is known as a "warm boot" and is not a full shutdown of the system, the spokesperson said.

Major commands affected by the guidance and responsible for managing compliance in their respective services include the Air Force Information Warfare Center, the Army's Land Information Warfare Activity, the Defense Information Systems Agency, the Marine Corps' Marine Forces-CND and the Navy Component Task Force-CND.

As a result of the directive, the NCTF-CND issued classified and unclassified messages ordering password changes. However, a spokesman for the Space and Naval Warfare Systems Command, one of the primary recipients of the message, declined to comment because of the sensitivity of the message's content.

In an administrative message issued last week by the NCTF-CND, the Navy offered technical guidance to system administrators on how to deal with the lack of password date-change tracking functionality in Microsoft Corp.'s Windows NT.

As a result, the Navy has made three software tools available over the Internet to help administrators automate the enforcement of password changes.

In May, Art Money, senior civilian official acting as the assistant secretary of Defense for command, control, communications and intelligence, issued a DOD-wide memorandum about the potential threat to DOD networks posed by the Year 2000 computer problem. In that memo, Money cited DOD Administrative Instruction 26, which provides specific guidance on the use of passwords.

A DOD spokesperson said there is "no inherent connection between the May 5 Money memo and the July 23 [JTF-CND] message—other than they are related in the context of the department constantly putting out guidance that requires vigilance over our networks."


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.