Army rebuilds network defenses after hacks

HHS Health IT Standards RFP

The Army has spent millions of dollars in the past year and a half to rebuild networks at major U.S. bases after hackers penetrated its systems, Army and industry officials said.

The incidents at the bases were serious enough that Army information technology officials pulled the plug on the connection to the Defense Department's Non-classified IP Router Network (NIPRNET).

As a result of the Army's network intrusions, Pentagon officials instructed the service to devise a plan to improve network security. Army IT officials have worked to improve network security and operations and to rebuild the networks at the facilities that were attacked.

The Army is developing an enterprise consolidation plan for next year that will reduce the number of networks and help improve the service's network defenses, Army and industry officials said.

The Army could spend millions of dollars repairing and upgrading the networks at two Army installations, said George Hermalik, Continental U.S. risk mitigation team leader in the Enterprise Systems Technology Activity (ESTA) in the Army's Network Enterprise Technology Command (Netcom). He spoke last week at the 2005 Army IT conference in Las Vegas.

Hermalik declined to specify what installations were involved in the effort. But Maj. Gen. Dennis Moran, director of information operations, networks and space in the Army's Office of the Chief Information Officer, said in a speech at the conference that Fort Hood, Texas, has a huge information security problem.

An industry official familiar with the situation said there have been hackings at Fort Hood, home of the 4th Infantry Division and the service's first digitized division, and Fort Bragg, N.C., the location of the 82nd Airborne Division and the service's elite paratroop forces. An Army IT official with knowledge of the events confirmed the hackings at Fort Hood, but would not comment on the other installation. He said remediation efforts have been ongoing at Fort Hood for the past two years.

Army IT officials declined to comment on the hackings' location and nature because that could give enemies insight about perceived or actual vulnerabilities in the service's networks. Fort Hood officials deferred comment to Army headquarters at the Pentagon.

Army IT executives took bold measures to improve network operations and rebuild networks after the events at the two bases. At one installation, leaders ignored concerns and advice from the Army's IT staff, so the IT executives cut the base's NIPRNET connection.

An Army IT official, who spoke on the condition of anonymity, said Gen. Richard Cody, the Army's vice chief of staff, the service's second highest officer, urged the bases to follow Army headquarters policy. The installation's connection to NIPRNET was restored after officials at the base complied with the Army's security regulations.

The effort to upgrade networks shows that service IT leaders take network operations seriously, Army and industry officials said. They said Lt. Gen. Steve Boutelle, CIO; Maj. Gen. James Hylton, Netcom commanding general; and Joe Capps, ESTA director, have been "brilliant and ruthless" in dealing with the Army's computer security problems.

"We are a nation at war, and although protection of our networks has always been a high priority, we are even more vigilant now, and the less the enemy knows, the better it is for the people who protect our networks and the soldiers they serve," said Vernon Bettencourt Jr., the Army's deputy CIO, in a statement. "I will not go into specifics on what types of defensive measures we have in place. However, I will say that great emphasis is placed on constant vigilance."

Remediation of the networks involves scanning networks for vulnerabilities, applying patches to operating systems and applications, and establishing appropriate security measures, Bettencourt said.

The Army plans to consolidate servers and networks servicewide to create a more secure, manageable environment, Army officials say.

The service will reduce the number of servers from between 3,000 and 10,000 to 800 and the number of connections to the Non-classified IP Router Network from about 199 to six, according to a presentation at the 2005 Army information technology conference held in Las Vegas last week.

The move will help the Army create a secure network boundary with a limited number of entry and exit points to the Internet.

— Frank Tiboni