Cyberattacks spur talk of 3rd DOD network

As part of a strategy to defend its unclassified networks against relentless cyberattacks, the Pentagon may establish a new network to handle electronic commerce and other interactions with the public while cutting off all other existing connections to the Internet. The proposal follows an increase

As part of a strategy to defend its unclassified networks against relentless cyberattacks, the Pentagon may establish a new network to handle electronic commerce and other interactions with the public while cutting off all other existing connections to the Internet.

The proposal follows an increase in the rate of cyberattacks - many stemming from the Kosovo conflict - on the Non-Classified Internet Protocol Router Network (NIPRNET), through which the department transmits unclassified information, including some tactical data, via the Internet.

Marv Langston, deputy assistant secretary of Defense for command, control, communications and intelligence (C3I), said top DOD officials have begun debating whether to disconnect NIPRNET from the Internet and create another network, a so-called third layer, which would provide Internet links between DOD and e-commerce partners and provide the public with access to military Web pages.

The proposed strategy, under debate by DOD officials, would leave the department with three layers of networks: the Secret Internet Protocol Router Network, for classified information; NIPRNET, which would become a virtual private network for internal DOD communications; and the new network, through which the department would communicate with its business partners and the public.

John Hamre, deputy secretary of Defense, framed the issues behind the policy debate in stark terms last week, calling the short air campaign in Yugoslavia against Serbia "the first cyberwar," citing Serb attacks against NATO's public World Wide Web pages.

"We were under a cyberattack in our operations against Serbia," Hamre said at last week's GovTechNet International Conference and Exhibition. DOD is vulnerable to such attacks because the department "routinely operates in commercial cyberspace" using NIPRNET, he said.

Lt. Gen. William Campbell, the Army's director for C3I, called the current NIPRNET policy "close to madness" because it is used to actively support military operations.

Campbell, who would like to see DOD set up the third-layer network, said the Pentagon should not compromise the security of NIPRNET to support e-commerce and interactions with the public. "The [e-commerce] tail should not wag the C3I dog," Campbell said.

Tim Bass, president and chief executive officer of the security consulting firm The Silk Road Group Ltd., said the third layer is a very wise plan. "Denial-of-service attacks against [Internet Protocol] networks are a real threat, and there is no disagreement that IP is highly vulnerable," Bass said. "Furthermore, nonclassified IP access to the Internet is now a mission-critical requirement."

Rick Forno, a security officer for Network Solutions Inc. and a former senior security analyst at the House of Representatives' Information Resources Security Office, also said DOD's plan is plausible. "All public-access networks should be on a completely compartmented environment from anything [classified "For Official Use Only"] or higher, including day-to-day routine local-area networks," he said. If properly carried out, the policy "will be a great solution," Forno said.

However, the proposed strategy is not without some obstacles, DOD officials said.

Langston, who also serves as DOD's deputy chief information officer, which gives him a key role in the network security policy debate, said, "It is difficult to unplug [DOD] from the Internet."

Establishing a third layer would, in essence, set up another U.S., if not global, DOD network, which would be expensive, Langston said.

Langston advocates protecting NIPRNET by copying a Navy initiative to secure networks with an array of technology, including intrusion-detection systems, firewalls and encryption technology.

The Navy has developed its "defense in-depth" strategy as part of an effort to build a secure Navywide intranet. Langston believes the strategy obviates the need to pull the Internet plug except under the most extreme circumstances. "The only reason to pull off the Internet is a massive cyberattack," Langston said.

Rear Adm. John Gauss, commander of the Space and Naval Warfare Systems Command, supports an ongoing NIPRNET redesign, which would involve the Defense Information Systems Agency upgrading the network's security measures. "What DISA's doing will protect DOD computing and still give us a viable means of communicating with industry," Gauss said.

Lt. Gen. William Donahue, director of communications and information for the Air Force, agreed that disconnecting NIPRNET from the Interent is not a viable option. "We're not going to disconnect from the Internet because we depend on it for too much," he said. But, he added, "You have to balance the need to connect with the need to protect."

Although a decision has not yet been made about the third network, Donahue envisions DOD reaching a stage where it initially will shut down all connections between NIPRNET and the Internet, closing all "back door" connections, and then reconnect DOD with a smaller number of open connections.

"There will probably be a finite number of connections to the Internet, and they will be protected," Donahue said. When that occurs, DOD still will need "to be serious, dedicated, dogged and persistent in protecting our network nodes," he said.

But Campbell will continue to push to cut off DOD from the Internet. "If you are going to be a pioneer...you cannot be faint of heart."