Attack by Korean hacker prompts Defense Department cyber debate
Top military officials are concerned that current policies overly restrict DOD's ability to track cyberattackers working outside the United States.
Defense Department computer networks are probed and attacked hundreds of time each day. But a recent attack on the civilian Internet is causing DOD officials to re-examine whether the policies under which they fight cyber battles are tying their hands.“This is an area where technology has outstripped our ability to make policy,” said Air Force Gen. Ronald Keys, Commander of Air Combat Command. “We need to have a debate and figure out how to defend ourselves.”Unlike in the war on terror, DOD can’t go after cyber attackers who plan or discuss crimes until they act, Keys said. Web sites in other countries are beyond DOD‘s reach, he added. “If they’re not in the United States, you can’t touch 'em.”Keys said it would probably take a cyber version of the 9/11 attacks to make the U.S. realize that barriers to action in cyberspace should be re-evaluated.The danger is real, officials say. On Feb 5, an organized group of hackers perpetrated the most powerful set of attacks since 2002. The attacks targeted UltraDNS, the company that runs several servers that manage traffic for domains that end with .org and other extensions, according to several reports.Although the hackers made efforts to conceal their identity, large amounts of rogue data was traced back to servers in South Korea, the reports stated. The Associated Press wrote that a traffic server operated by the Defense Department was affected.Affected or not, senior DOD cyber officials have taken notice. They spoke about its defense implications at the Air Warfare Symposium in Orlando, Fla., hosted by the Air Force Association today.The recent UltraDNS attacks raised several questions for DOD policy makers, Keys said. “How do you react to that attack? How do you trace it back? What are the legalities included? What do you do when you do find them? It’s a huge challenge,” he said.DOD must consider more aggressive measures, including penetrating enemy networks, infiltrating wi-fi, phishing for passwords, and e-mail deception, Keys said. Cyber attack forces could replace traditional forces in future attack missions, he said.The current cyber threat is divided into three tiers: hackers, criminals, and nation-states, with increasing levels of resources and investment in cyber capabilities, said U.S. Strategic Commander General James Cartwright, speaking at the conference.The U.S. cyber warfare strategy is divided among three fiefdoms, reconnaissance, offense, and defense, Cartwright said. This results in a passive, disjointed approach that undermines the military's cyberspace operations, he added.“We’re already at war in Cyberspace, have been for many years,” said Keys Terrorists use the Internet extensively, through remotely detonated bombs, GPS, Internet financial transactions, navigation jamming, bogs, bulletin boards, and chat rooms.Hacker tools are readily available on the Internet, and several sites promote products that give people the ability to circumvent DOD’s security measures, Keys said. But policy and law prevent the department from shutting down these sites.Cyberspace is the only warfighting domain in which the U.S. has peer competitors, Keys said. The Chinese Communist government said in a recent military white paper that its goal is to be “capable of winning informationized war” by the middle of the 21st century, he noted.DOD is also vulnerable because it procures technology components, such as computer chips, from China. The companies there could embed threatening technologies in the chips and then use them for malicious purposes, Keys said. “If they’re good enough [at hiding the technology], then how would you know?” he asked.Several attacks have disabled government computer systems over the last few months. In November, the Naval War College took its computers offline for weeks after a foreign network attack disabled the system. In July, the Commerce Department’s Bureau of Industry and Security had to replace hundreds of computers following an intrusion that was admitted to have originated from Chinese servers.Keys’ ACC, headquartered at Langley AFB, Va., provides command, control, communications and intelligence systems to the Air Force and conducts global information operations. The command is also oversees the 8th Air Force at Barksdale AFB, La., which will soon become the Air Force’s Cyber Command, it was announced in October.Cyber Command will focus on integrating reconnaissance, offensive, and defense operations in cyberspace, Keys said. DOD is dependent on its networks for almost all its missions, he added. “It’s entwined into everything we do.”