DOD to conduct security stand-down

The Defense Department will hold a security stand-down Nov. 29 to focus on information assurance and network security. During the event, military and civilian employees at the major commands, services and agencies will stand down from their duties and devote attention to better protecting DOD data and systems.

Among other measures, they will change their passwords, said Air Force Lt. Gen. Charles Croom, director of the Defense Information Systems Agency and commander of the Joint Task Force for Global Network Operations (JTF-GNO). He spoke last week during a luncheon sponsored by the Washington, D.C., chapter of AFCEA International.

The security stand-down will allow DOD to "get all on the same footing with some processes," said Maj. Gen. Michael Peterson, director of information, services and integration at the Office of the Secretary of the Air Force, Chief of Warfighting Integration and Chief Information Officer.

Peterson, who will become the Air Force's top IT official in December, said the stand-down, which he said he believes is the first one ever for security, will emphasize proper practices for scanning systems, sharing information and applying patches. "It's about good network behavior," he said.

Alan Paller, director of research at the SANS Institute, a nonprofit group that monitors computer security, said he did not know about the stand-down.

Strategic Command (Stratcom), the major command that oversees the operation and protection of the military's networks through JTF-GNO, issued the security stand-down order earlier this month. DOD employees will conduct certain activities to strengthen network security, said Tim Madden, a spokesman for the task force. He declined to elaborate.

Croom, who took over at DISA this summer, said outsiders are intruding into DOD networks. "The enemy is among us," he said.

He added that some DOD officials are concerned about the amount of software manufactured overseas and whether it might incorporate malicious code. He said one way to fight the problem is to require companies to assure DOD that their products are safe and for the military to monitor them closely.

Croom said Marine Corps Gen. James Cartwright, Stratcom's commander, told him to start directing actions on the networks. Croom said he has begun taking a proactive role to strengthen network security instead of merely collecting information about and getting status reports on DOD's data systems.

Peterson, who worked at Stratcom last year, said that was always the plan for JTF-GNO. He said the task force can now better direct actions on the military's networks because of a new command structure and relationship with the services and a new multimillion-dollar command center.

Earlier this year, Federal Computer Week reported that Chinese hackers had accessed U.S. military networks and obtained military secrets, including future command and control information. DOD officials are now considering new policy and acquisition initiatives to improve information assurance.

As DOD moves toward network-centric operations, security has become a paramount issue.