DOD network attacks level off
- By Bill Murray
- Dec 07, 2000
The number of detected attacks on unclassified Defense Department networks
has leveled off this year, according to the commander who's in charge of
The number of detected "cyber events" on DOD's Non-Classified Internet Protocol
Router Network increased dramatically from 780 in calendar year 1997 to
22,144 in 1999, said Army Maj. Gen. James Bryan, director of the Joint Task
Force for Computer Network Defense.
But the number of cyber events has steadied: from 01/through October
of this year, there were 20,414, he said.
Bryan spoke Tuesday at the Armed Forces Communications and Electronics Association's
TechNet Asia-Pacific 2000 conference in Honolulu.
"We're better at detecting what level of activities there are," on DOD networks,
Bryan said. JTF-CND officials use "strict definitions" to define a cyber
event, and each event has to fulfill the requirements of seven categories,
The importance of having common criteria for what constitutes a cyber event
came up earlier on Tuesday, when Lt. Gen. Edwin Smith, commanding general
for U.S. Army Pacific, said there are 800,000 "hits" each week on his networks
from hackers. "And they're not all high school hackers," he added.
Ninety-seven percent of the time, intrusions into DOD systems could have
been prevented with better systems configurations, Bryan said. To address
that problem, the DOD CIO Executive Board is expected to sign a directive
for ports and protocol configuration control by the end of the month, he
JTF-CND also has developed a single database covering all DOD organizations'
cyber events, Bryan said. Like his predecessor at JTF-CND, Air Force Maj.
Gen. John Campbell, he expressed frustration that the organization can't
do reconnaissance on cyber intruders who aren't in .mil domains.