DOD network attacks level off

The number of detected attacks on unclassified Defense Department networks

has leveled off this year, according to the commander who's in charge of

protecting them.

The number of detected "cyber events" on DOD's Non-Classified Internet Protocol

Router Network increased dramatically from 780 in calendar year 1997 to

22,144 in 1999, said Army Maj. Gen. James Bryan, director of the Joint Task

Force for Computer Network Defense.

But the number of cyber events has steadied: from 01/through October

of this year, there were 20,414, he said.

Bryan spoke Tuesday at the Armed Forces Communications and Electronics Association's

TechNet Asia-Pacific 2000 conference in Honolulu.

"We're better at detecting what level of activities there are," on DOD networks,

Bryan said. JTF-CND officials use "strict definitions" to define a cyber

event, and each event has to fulfill the requirements of seven categories,

he said.

The importance of having common criteria for what constitutes a cyber event

came up earlier on Tuesday, when Lt. Gen. Edwin Smith, commanding general

for U.S. Army Pacific, said there are 800,000 "hits" each week on his networks

from hackers. "And they're not all high school hackers," he added.

Ninety-seven percent of the time, intrusions into DOD systems could have

been prevented with better systems configurations, Bryan said. To address

that problem, the DOD CIO Executive Board is expected to sign a directive

for ports and protocol configuration control by the end of the month, he

said.

JTF-CND also has developed a single database covering all DOD organizations'

cyber events, Bryan said. Like his predecessor at JTF-CND, Air Force Maj.

Gen. John Campbell, he expressed frustration that the organization can't

do reconnaissance on cyber intruders who aren't in .mil domains.