DOD net overhaul to thwart hackers

The Defense Department has started an overhaul of its global unclassified network to fight off the barrage of hacker attacks the department's systems suffer and to increase capacity to handle a huge rise in traffic to and from the Internet.

The Defense Information Systems Agency plans to redesign its Non-Classified Internet Protocol Router Network, DOD's primary entry into commercial World Wide Web sites, to take advantage of enhanced security measures and to improve overall performance.

The NIPRNET redesign, scheduled for completion in December with main network components slated for installation no later than June, will provide DOD with a network better designed to stave off hacker attacks that hit DOD systems at a rate of 250,000 a year, according to a DOD source briefed on the network plan.

Tony Montemarano, chief of Defense Information Systems Network services for DISA, said the agency is well on its way with the NIPRNET upgrade. "The equipment is purchased, and we are upgrading software loads," Montemarano said.

He said that besides providing security, the NIPRNET upgrade also will provide "protection against denial-of-service attacks.... We want to be able to guarantee the availability of the network as well as provide additional security for the users."

DISA's plans include the filtering of what DISA called "notorious" protocols routinely exploited by hackers, according to briefing slides obtained by Federal Computer Week.

The protocols include the Post Office Protocol (POP), which allows remote users to read e-mail stored on a central server; remote-access protocols, which allow users to read their e-mail from another system; and Packet Internet Groper (Ping), which hackers use to disable networks by overloading them with a command.

According to the briefing slides, DISA plans to start filtering out these protocols by July. But the agency said it has not made any decision yet on which protocols to filter.

Montemarano declined to quantify the degree of security that the NIPRNET upgrade will provide, except to say, "It will be better...and performance will be improved considerably."

DISA is doubling the number of NIPRNET connections to the Internet because of the huge increase in traffic spurred by the development of the World Wide Web and the amount of information residing on Web sites outside NIPRNET, Montemarano said. "There is so much information out there our users want," he said.

Increasing capacity also is a security measure. The inability of NIPRNET to handle the loads imposed by Web traffic without lags or delays had resulted in numerous military commands installing Internet "backdoors" on their systems.

DISA is looking to eliminate such backdoor connections. According to the DISA briefing, no unit or command will be allowed to connect a local- or wide-area network to NIPRNET until the network goes through a formal connection approval process.

Rear Adm. John Gauss, commander of the Space and Naval Warfare Systems Command, said he believes the NIPRNET redesign offers a better security alternative than the almost total retreat from the Internet advocated by Lt. Gen. William Campbell, the Army's director of information systems for command, control, communications and computers.

"Campbell accurately addressed the threat," Gauss said, "but the thing I have to ponder is, [considering] the amount of electronic commerce we do with industry, is it viable just to disconnect from the Internet? What DISA is doing will protect DOD computing and still give us a viable means of communicating with industry."
