Attack by Korean hacker prompts Defense Department cyber debate

Top military officials are concerned that current policies overly restrict DOD's ability to track cyberattackers working outside the United States.

Defense Department computer networks are probed and attacked hundreds of time each day. But a recent attack on the civilian Internet is causing DOD officials to re-examine whether the policies under which they fight cyber battles are tying their hands.“This is an area where technology has outstripped our ability to make policy,” said Air Force Gen. Ronald Keys, Commander of Air Combat Command. “We need to have a debate and figure out how to defend ourselves.”Unlike in the war on terror, DOD can’t go after cyber attackers who plan or discuss crimes until they act, Keys said. Web sites in other countries are beyond DOD‘s reach, he added. “If they’re not in the United States, you can’t touch 'em.”Keys said it would probably take a cyber version of the 9/11 attacks to make the U.S. realize that barriers to action in cyberspace should be re-evaluated.The danger is real, officials say. On Feb 5, an organized group of hackers perpetrated the most powerful set of attacks since 2002. The attacks targeted UltraDNS, the company that runs several servers that manage traffic for domains that end with .org and other extensions, according to several reports.Although the hackers made efforts to conceal their identity, large amounts of rogue data was traced back to servers in South Korea, the reports stated. The Associated Press wrote that a traffic server operated by the Defense Department was affected.Affected or not, senior DOD cyber officials have taken notice. They spoke about its defense implications at the Air Warfare Symposium in Orlando, Fla., hosted by the Air Force Association today.The recent UltraDNS attacks raised several questions for DOD policy makers, Keys said. “How do you react to that attack? How do you trace it back? What are the legalities included? What do you do when you do find them? It’s a huge challenge,” he said.DOD must consider more aggressive measures, including penetrating enemy networks, infiltrating wi-fi, phishing for passwords, and e-mail deception, Keys said. Cyber attack forces could replace traditional forces in future attack missions, he said.The current cyber threat is divided into three tiers: hackers, criminals, and nation-states, with increasing levels of resources and investment in cyber capabilities, said U.S. Strategic Commander General James Cartwright, speaking at the conference.The U.S. cyber warfare strategy is divided among three fiefdoms, reconnaissance, offense, and defense, Cartwright said. This results in a passive, disjointed approach that undermines the military's cyberspace operations, he added.“We’re already at war in Cyberspace, have been for many years,” said Keys Terrorists use the Internet extensively, through remotely detonated bombs, GPS, Internet financial transactions, navigation jamming, bogs, bulletin boards, and chat rooms.Hacker tools are readily available on the Internet, and several sites promote products that give people the ability to circumvent DOD’s security measures, Keys said. But policy and law prevent the department from shutting down these sites.Cyberspace is the only warfighting domain in which the U.S. has peer competitors, Keys said. The Chinese Communist government said in a recent military white paper that its goal is to be “capable of winning informationized war” by the middle of the 21st century, he noted.DOD is also vulnerable because it procures technology components, such as computer chips, from China. The companies there could embed threatening technologies in the chips and then use them for malicious purposes, Keys said. “If they’re good enough [at hiding the technology], then how would you know?” he asked.Several attacks have disabled government computer systems over the last few months. In November, the Naval War College took its computers offline for weeks after a foreign network attack disabled the system. In July, the Commerce Department’s Bureau of Industry and Security had to replace hundreds of computers following an intrusion that was admitted to have originated from Chinese servers.Keys’ ACC, headquartered at Langley AFB, Va., provides command, control, communications and intelligence systems to the Air Force and conducts global information operations. The command is also oversees the 8th Air Force at Barksdale AFB, La., which will soon become the Air Force’s Cyber Command, it was announced in October.Cyber Command will focus on integrating reconnaissance, offensive, and defense operations in cyberspace, Keys said. DOD is dependent on its networks for almost all its missions, he added. “It’s entwined into everything we do.”
X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.