FCW @ 30
Hackers storm DOD networks
- By Paul McCloskey
- Sep 26, 2016
In 1998 the hacker collective L0pht told Congress that it would be easy to take down the internet.
By the mid-1990s, the hacking of government computers had evolved from being mostly an illicit pastime of hobbyists to an organized crime carried out by teams of "info assassins," in the words of a Defense Department official.
On any given day, former Director of Defense Information Paul Strassmann said in 1996, DOD did not have control of five or six of its computer systems -- "the hackers do."
Large numbers of computers accessible via Milnet had also been compromised, he said at the time, including domains serving the Joint Chiefs of Staff and the Defense Logistics Agency.
Such depredations gave rise to changes in the ways agencies confronted hacking groups, including a focus on sharing information between the defense and intelligence communities and the creation of military cyber commands to put government cyber defenses on a wartime footing.
In a 1996 information-sharing effort, then-CIA director John Deutch proposed working with DOD to create an Information Warfare Technology Center staffed with 1,000 people and located at the National Security Agency at Fort Meade, Md.
The center would produce assessment tools for civilian, military and intelligence agencies "to deal with the emerging threat." Following suit, the Air Force announced plans to create a cyber command to bring the tactics of war to the cybersecurity theater, pledging "to fly and fight in air, space and cyberspace."
"Cyberspace is a domain for projecting and protecting national power for both strategic and tactical operations," Air Force Secretary Michael Wynne said in announcing the new command in November 2006.
Although the measures have strengthened the government's hand, the jockeying for control of the cyber commands continues. Adm. Michael Rogers, who leads both U.S. Cyber Command and NSA, told legislators in April that Cybercom should be elevated to a full unified combatant command. Some in Congress have even called for creating a separate military service to focus on cyber (something Rogers has said he opposes).
Also ongoing is the sense that cyberthreats might be outpacing defensive efforts. "I don't know whether we will face an electronic Pearl Harbor," Deutch said in 2006. "But we will have, I'm sure, some very unpleasant circumstances in this area."
Those remarks echoed through the years until June 2015, when the Office of Personnel Management revealed that it had been hit by a double breach of near-Pearl Harbor proportions: a hack that compromised 4.2 million Social Security numbers. A second hack two months later compromised 21 million SSNs.
Both intrusions were traced to China in what has become a long war for digital dominance among the superpowers.
Paul McCloskey is senior editor of GCN. A former editor-in-chief of both GCN and FCW, McCloskey was part of Federal Computer Week's founding editorial staff.