The weakest (hyper)link

The state of information assurance can’t be good when the director of the Army’s global network operations and security center informs the LandWarNet 2008 conference audience that he doesn’t trust online banking anymore.

Col. Barry Hensley outlined his concerns during his session, and conference discussions about viruses, malware, phishing attacks and other similar cyberattacks made it clear that any network connected to the Internet is unsafe — including the Defense Department's Unclassified but Sensitive IP Router Network. Medical and personnel records of everyone from generals to flag-rank officers and other sensitive data have been stolen from the network because of gaps in network security — often unintentionally caused by users.

Although the compromised information is not nearly as critical an intelligence coup as, say, the cryptographic material John Walker stole and gave to the Soviets, cyberattacks threaten to disrupt the flow of information and can diminish the reliability of network data — as happened recently in the Republic of Georgia.

The cyberattacks targeting Georgia are an indication of how cyber warfare might become integrated with future conflicts. Using a network of computers that included machines in Russia, hackers launched denial-ofservice attacks against the public Web sites of most of Georgia's major government agencies in advance of Russia’s occupation of parts of Georgia. The hackers also took over several Georgian Web sites for propaganda and psychological operations and distributed information to allied hackers about which sites were vulnerable to defacement or other exploits. Some news sites in Georgia were attacked, too.

The result was the disruption of Georgia's ability to disseminate information to its residents and the rest of the world. The Georgian Ministry of Foreign Affairs was forced to set up a site on Google's Blogspot to post information and directed people to go to the Web site of Poland’s president for up-to-date information.

In a world where there is, as Gen. George Casey, the Army’s chief of staff, calls it, persistent conflict, the threat level for all U.S. government networks — and particularly the Defense Department’s networks — will only increase. And it will take more than firewalls to face the threat.