DOD defends Web site shutdown
Code Red worm thwarted, but officials say they may do things differently in the future
Military officials continue to defend the decision to shut down public access to hundreds of Web sites to thwart the Code Red worm, but they also say hey have learned from the experience and may do things differently in the future.
The Pentagon already has increased the capacity of some of its central processing units to handle messages and avoid being overloaded during a so-called denial-of-service attack. That means officials likely will bemore selective in cutting off public access in the future.
"Just like we do surgical strikes in the Air Force, we are now starting to figure that this is warfare out there on these nets, and if there are certain [IP] addresses that can be turned back on, we can selectively turn those addresses on to allow critical information flow," said Lt. Gen. Harry Raduege, director of the Defense Information Systems Agency. "We are now performing surgical strikes or openings across our networks instead of brute-force blocking."
Officials in each of the military services also are scrambling to come up with a standard procedure so that they can continue operating as normally as possible when networks are under attack.
Although Code Red is now largely dismissed as having been ineffective, it didn't appear harmless to the Pentagon when the worm first hit in late July. Central processing units at 16 DOD Internet connections in 13 locations started to reach 80, 90, even 100 percent of their load capacity, Raduege said. They normally operate at 10 percent.
Raduege and Maj. Gen. David Bryan, commander of the Joint Task Force-Computer Network Operations, began collaborating with the Pentagon's Computer Emergency Response Team and with industry representatives working in the Global Network Operations Security Center. Not responding would have brought everything crashing down, Raduege said.
Bryan offered his recommendations to Gen. Ed Eberhart, commander of U.S. Space Command, which oversees computer network operations, and Eberhart made the call to shut off public access.
The rest of the world experienced an estimated 900,000 Code Red infections, the U.S. military only 214, Raduege said. Still, the Pentagon learned from the experience and will likely do things differently in the future.
Debate continues in the military about whether blocking public access was a justifiable move, military officials acknowledged this week during the Air Force Information Technology Conference in Montgomery, Ala. Raduege and others say it was.
Lt. Gen. John Woodward Jr., Air Force director of communications and information, indicated that this is still a new problem for the military, and another Air Force official said the Pentagon currently doesn't "have enough tools in our tool box" to cope with it.
NEXT STORY: NMCI testing decision nears