Successful cyberattacks against DOD drop

The number of successful cyberattacks against Defense Department networks and information systems declined from about 130 in January 2005 to about 40 in January 2007, Air Force Lt. Gen. Charles Croom, director of the Defense Information Systems Agency, told a House Armed Services Committee subcommittee hearing March 28.In testimony to the House Terrorism, Unconventional Threats and Capabilities Subcommittee, Croom said the decline in successful attacks occurred at the same time DOD deterred increasingly larger numbers of attacks and probes against its information systems.The number of what Croom called “cyber incidents” grew from 16,000 in 2004 to 23,000 in 2005 and 30,000 in 2006, he said, in addition to cyberscans running about four times that number each year. But the majority of those probes were unsuccessful attacks, he added.DOD has also been able to reduce the number of computers hijacked to run automated Internet attacks, Croom said. Although botnet activity on the Internet increased about 110 percent between February 2005 and December 2006, the number of DOD computers used in botnet attacks declined 61 percent in the same period, he said.The decline in the number of attacks against DOD information systems is a result of improved computer configuration control and the use of public-key infrastructure encryption for sign-ins and log-ons to DOD computers and information systems, Croom said.The department continues to spend heavily to protect its networks and information systems, John Grimes DOD’s chief information officer and assistant secretary of Defense for networks and information integration, said at the hearing. DOD plans to spend $2.5 billion on information assurance in fiscal 2008, Grimes said.