(.pdf) download - IAC - Defense Technical Information Center
(.pdf) download - IAC - Defense Technical Information Center
(.pdf) download - IAC - Defense Technical Information Center
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
10<br />
i n vo l ved DoD, Joint Staff, the<br />
S e r v i c e s, USACOM, USPAC O M ,<br />
U S S PACECOM, USSOCOM, US-<br />
TRANSCOM, NSA, DISA, NSC,<br />
DIA, CIA, FBI, NRO, and the<br />
Departments of Sta t e, Justice,<br />
and Tra n s p o r tation.<br />
Key observations of the exe r-<br />
cise included—<br />
• Poor info r m a t i o n a l / o p e rational<br />
security practices contributed<br />
to DoD vulnerabilities.<br />
• Attribution of attacks (i.e.,<br />
determining who and why) is<br />
very difficult.<br />
• DoD has little capability to<br />
detect or assess cyber atta c k s.<br />
• Detection, reporting, re -<br />
sponse processes are unres<br />
p o n s i ve to the speed of cyber<br />
a t ta c k s.<br />
ER '97 demonstrated—in a<br />
re a l - world exe rcise—that DoD is<br />
not properly org a n i zed for detecting,<br />
reporting, and re s p o n d-<br />
ing to IO attacks in a timely<br />
m a n n e r. A case that re c e n t l y<br />
u n d e rs c o red the findings of ER<br />
'97 was SOLAR SUNRISE.<br />
I An e w s l e t t e r Spring 1999 • Vol. 2 No. 4<br />
A Real-World Example of IA<br />
Weaknesses—SOLAR SUNRISE<br />
SOLAR SUNRISE was a series<br />
of DoD computer network attacks<br />
that occurred from 1 to 26<br />
February 1998. The attack pattern<br />
was indicative of pre p a ration<br />
for a follow-on attack on the<br />
DII. At least 11 attacks on Air<br />
Fo rc e, Navy, and Marine Corps<br />
c o m p u t e rs worldwide fo l l o we d<br />
the same pro f i l e. At tacks we re<br />
w i d e s p read and appeared to be<br />
f rom sites such as Israel, the<br />
United Arab Emirates (UA E ) ,<br />
Fra n c e, Ta i wan, and Germany.<br />
Fu r t h e r m o re, the attacks occ<br />
u r red when the United Sta t e s<br />
was preparing for potential mili<br />
tary action against Iraq in response<br />
to UN weapons inspection<br />
disputes and could have<br />
been aimed at disrupting deployments<br />
and opera t i o n s.<br />
In the end, the atta c ke rs<br />
turned out to be two teenagers<br />
f rom California and one teenager<br />
from Israel—not Iraq, terro r-<br />
i s t s, fo reign intelligence serv<br />
i c e s, nation sta t e s, or hacke rs<br />
for hire. Although the atta c k s<br />
did not cause any serious damage<br />
to DoD systems, they could<br />
h a ve seve rely affected DoD during<br />
heightened tensions with<br />
I raq.<br />
SOLAR SUNRISE re c o n-<br />
firmed the vulnerabilities of<br />
DoD computer networks and<br />
D o D ’s need to make some<br />
changes in its approach to IA.<br />
As Dr. John J. Hamre, Deputy<br />
S e c re tary of <strong>Defense</strong>, said, "this<br />
should serve as a serious wa ke -<br />
up call." If high-school<br />
t e e n a g e rs can infiltrate DoD<br />
systems with ease, imagine the<br />
damage that could be done to<br />
U.S. security by skilled pro f e s-<br />
sionals or potential adve rs a r i e s<br />
in future asymmetric conflicts.<br />
Making JV2010 A Viable Concept<br />
In 1996, for the third consecu<br />
t i ve year, the <strong>Defense</strong> Science<br />
B o a rd (DSB) concluded that a<br />
need exists for ex t ra o rdinary action<br />
to deal with the present and<br />
e m e rging challenges of defending<br />
against possible info r m a t i o n<br />
a t ta c k s. Ac c o rdingly, the DSB<br />
recommended more than 50 actions<br />
designed to better pre p a re<br />
DoD for this new form of wa r-<br />
fa re.<br />
Of the 13 major DSB re c o m-<br />
m e n d a t i o n s, the author of this<br />
article believe five are essential<br />
to maintaining the integrity of<br />
DoD systems and providing an<br />
a p p ropriate environment for executing<br />
Joint Vision 2010 —<br />
• Designate an accountable IO<br />
focal point. The Secre tary of<br />
<strong>Defense</strong> must have a single<br />
focal point charged with providing<br />
leadership of the comp<br />
l ex activities and interre l a-<br />
tionships that are invo l ved in<br />
this new wa r fa re area.<br />
• O rg a n i ze for IO-<strong>Defense</strong> (IO-<br />
D). Specific IO-D capabilities<br />
and org a n i zations must provide<br />
or support the capabilit<br />
i e s.<br />
• I n c rease awa re n e s s. Seniorl<br />
e vel government and industry<br />
leaders must be more<br />
a wa re of the vulnera b i l i t i e s<br />
and implications.<br />
• S taff for success. A cadre of<br />
high-quality, trained pro f e s-<br />
sionals with re c o g n i ze d<br />
c a reer paths is essential fo r<br />
defending present and future<br />
i n formation systems.<br />
• P rovide the re s o u rc e s. DSB<br />
estimated achieving its 13<br />
i m p e ra t i ves would cost<br />
a p p roximately $3.1 billion<br />
o ver fiscal years 1997 thro u g h<br />
2 0 01.<br />
The services—in efforts to defend<br />
their systems and pro c e s s-<br />
es against adve rsarial action—<br />
a re fielding a wide variety of Intrusion<br />
Detection Systems (IDS)<br />
u n i l a t e rally setting detection<br />
f e a t u re s, and reporting differently.<br />
The Army has deve l o p e d<br />
a three-phased Ne t work Security<br />
Impro vement Pro g ra m<br />
(NSIP) to implement the DSB’s<br />
re c o m m e n d a t i o n s. The Air<br />
Fo rce and Navy are deve l o p i n g<br />
their own plans in the absence<br />
of a single agency consolidating<br />
service effo r t s. Howe ve r, these<br />
p a rochial effo r t s, conducted<br />
along service-specific lines, are<br />
not consistent with the JV2010<br />
continued on page 16<br />
www.iatac.dtic.mil