Advanced hacks sting Pentagon

The Defense Department confirmed late Friday that a major cyberattack against its critical information systems has been under way for the past several months, propelling the newly formed Joint Task Force for Computer Network Defense into its first real-world test.

"There appears to be something new going on that falls under a new investigation," said a spokeswoman for the Defense Information Systems Agency, the DOD agency responsible for managing critical information systems.

The spokeswoman said the attack, which has been described by a senior member of the House National Security Committee as coordinated and organized, "is still ongoing but has not penetrated any of [DOD's] classified systems."

The Joint Task Force for Computer Network Defense was established by DOD in December to coordinate and direct the defense of all DOD computer networks and systems. Maj. Gen. John H. Campbell, DISA's vice director, leads the 10-person task force, which operates out of Arlington, Va., where the agency operates a Global Operations and Security Center.

The revelation comes on the heels of a Feb. 23 classified briefing to Congress by Deputy Defense Secretary John Hamre, in which he reportedly outlined the details of the attack and the steps DOD is taking in response.

In a separate hearing open to the public, Hamre told lawmakers that his department is "detecting 80 to 100 [potential hacking] events daily." Hamre made similar statements last year.

Some congressional members, including House Armed Services Committee member Rep. Curt Weldon (R-Pa.), have characterized the long-running spate of attacks as a prelude to "an electronic Pearl Harbor."

The cyberattacks have taken many federal security officials by surprise. "[The level of attacks] varies from day to day, but I'm not aware of any particular upswing recently," said Shawn Hernan, leader of the Coordinated Emergency Response Team Coordination Center's Vulnerability Handling Team at the Software Engineering Institute, a DOD-funded research organization that includes a computer emergency response team coordination center, which follows hacker attacks. "I'm not personally aware of any blip on the radar screen," Hernan said.

Still, DOD and civilian agencies are under an increasing number of cyberattacks, Hernan said. "It's an ever-continuing number of attacks, growing roughly at the same size as the Internet," he said.

Bill Pollak, a spokesman for SEI, said he was not aware of any recent anomaly in the pattern of attempted hackings on DOD computers.

John Pike, a defense and intelligence analyst with the Federation of American Scientists, downplayed media reports that DOD has become overly concerned about recent attacks, calling the heightened concern "nothing new."

DOD security officials said DOD's classified computer systems, which store the agency's most sensitive data, have not been penetrated because the systems are not connected to the Internet, which hackers use to navigate and tap into an organization's internal systems.

The greatest threat to national security information may be employees within DOD who have access to classified systems. "We are increasingly concerned about those who have legitimate access to our networks - the trusted insider," Hamre told a joint hearing of the Armed Services Committee's Research and Development Subcommittee and the Military Procurement Subcommittee last month.

"We have taken significant steps to increase our internal security and security awareness," Hamre said.