Cyber Intrusions Into Air Force Computers Take Weeks to Detect
When a hacker manages to penetrate Air Force computer networks, it generally takes experts more than a month to piece together what went wrong.
 
A forensics investigation into a network breach lasts an average of 45 days, said Arthur L. Wachdorf, senior advisor for intelligence and cyber-operations for the 24th Air Force, the organization that operates and defends the service’s networks.
 
“That’s way better than we used to be, but that’s not tactically acceptable,” he told an AFCEA information technology conference in Tysons Corner, Va.
 
The Air Force needs hardware and software that leave no back doors into the network open, officials said. Currently, if hackers find a hole, they can unload “truckloads of information” without the service even knowing they were on the network, said Lt. Gen. Marc Rogers, inspector general of the Air Force.
 
Officials asked for industry help to improve the service’s ability to watch over the network and to detect and respond to unauthorized activity.
 
“We can do some but not enough,” Rogers said. “All of our cyber-moats and fort walls and locks and doors we build aren’t quite good enough.”
 
Companies looking for business opportunities in this arena should turn to Air Force Space Command.
 
“That’s where we’re going to spend our money,” said Lt. Gen. William Lord, chief of warfighting integration and chief information officer of the Air Force.
 
The service must standardize its configurations and operating systems across the board and develop tools that allow it to conduct remote inspections of assets across the network, officials said. Some Air Force computers are still running Windows 2000, which is nearly impossible to protect because it no longer receives the security updates that newer software does, Wachdorf said.
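The kind of remote-inspection check the paragraph above calls for, as an added example that is not the Air Force's or the article's code: a Python script that reads a host inventory export and flags machines whose operating system has passed the vendor's end of support, or that have not been patched recently. It generalizes the Windows 2000 point to any end-of-life OS in its table. Windows 2000's end-of-extended-support date (13 July 2010) is the real one; the other table entries, the inventory rows, the `audit` and `support_status` names and the 45-day patch-age threshold are assumptions for this example.

```python
"""Flag fleet hosts running operating systems that no longer receive security
updates, plus hosts whose last patch is older than a threshold.
Added example; not code from the article or the Air Force.
The inventory below is constructed for this example."""
import csv
import io
from datetime import date

# Vendor end-of-extended-support dates (assumed table for this example).
# Windows 2000 left support on 2010-07-13; the other rows show that the
# check generalizes. Verify against the vendor lifecycle pages before use.
END_OF_SUPPORT = {
    "windows 2000": date(2010, 7, 13),
    "windows xp": date(2014, 4, 8),
    "windows server 2003": date(2015, 7, 14),
}

# Constructed inventory, shaped like a remote-inventory tool's CSV export.
SAMPLE_INVENTORY = """hostname,os,last_patch
ws-0101,Windows 7,2012-02-14
ws-0102,Windows 2000,2009-11-03
srv-db01,Windows Server 2003,2012-01-20
srv-web01,Windows Server 2008,2012-02-21
ws-0103,Windows XP,2011-12-30
"""

MAX_PATCH_AGE_DAYS = 45  # assumed threshold for "not patched recently"


def parse_inventory(text):
    """Parse the CSV export into dicts with real date objects."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            "hostname": row["hostname"].strip(),
            "os": row["os"].strip(),
            "last_patch": date.fromisoformat(row["last_patch"].strip()),
        })
    return rows


def support_status(os_name, as_of):
    """Return (unsupported, days_out_of_support) for an OS on a given date.
    An OS missing from the table is treated as supported; extend the table
    rather than guessing."""
    eol = END_OF_SUPPORT.get(os_name.lower())
    if eol is None or as_of <= eol:
        return False, 0
    return True, (as_of - eol).days


def audit(text, as_of_iso):
    """Return findings for hosts that are out of support or stale-patched as
    of the ISO date given, longest-unsupported first."""
    as_of = date.fromisoformat(as_of_iso)
    findings = []
    for host in parse_inventory(text):
        unsupported, days_out = support_status(host["os"], as_of)
        patch_age = (as_of - host["last_patch"]).days
        if unsupported or patch_age > MAX_PATCH_AGE_DAYS:
            findings.append({
                "hostname": host["hostname"],
                "os": host["os"],
                "unsupported": unsupported,
                "days_out_of_support": days_out,
                "patch_age_days": patch_age,
            })
    findings.sort(key=lambda f: (-f["days_out_of_support"],
                                 -f["patch_age_days"]))
    return findings


if __name__ == "__main__":
    # Run as of the date of the comments on this article.
    for finding in audit(SAMPLE_INVENTORY, "2012-02-28"):
        print(finding)
```

Run as of 28 February 2012 the script reports two hosts: the Windows 2000 workstation, 595 days out of support, and the Windows XP workstation, still supported then but 60 days since its last patch. The sort order puts the out-of-support machine first because no amount of patching helps it; it needs to be replaced or isolated.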

As the Internet attracts more users, the job to keep intruders out of critical networks becomes more difficult. Suddenly people have access to more information in a year than in the previous hundreds of years, and that has lowered the price of admission for war, Lord said.
 
“You’re no longer worried about some small nation’s army because four teenagers with a laptop connected to an [Internet service provider] can provide maybe a kinetic effect as a result of their non-kinetic activity a long, long way away,” he said.
 
In the past, officials would simply shut down the network when they spotted an intruder. That can’t be done now because most of what the Air Force uses in combat, from drones to GPS, relies on connectivity.

“The enemy is already in our network,” Lord said.

“It can’t take 45 days for us to figure out what the heck is going on in the network,” he said. “In some cases we only have seconds to react and that reaction may have to be automatic.”
 
The Air Force, like the other armed services, also needs “cyberwarriors” who can defend the network and even go on the attack.

The service recently put out a secret request for information to find out what ideas and products industry has for offensive cyber-operations.
 
But the software will have limited effectiveness without the proper workforce, officials said. The pool of experts capable of performing the forensics work is small, Rogers said. The Defense Department’s Cyber Crime Center currently employs about 400.
 
The Air Force’s Office of Special Investigations has a staff of 3,200, each of whom the service plans to train in Internet investigations and forensics.

Comments

Re: Cyber Intrusions Into Air Force Computers Take Weeks to Detect

Pathetic and a clear indication of how NOT seriously the US seems to take the matter of IT security. 4 weeks to address a network breach is ridiculous and a travesty of national security. Seems the Koreans, Chinese and Russians don't have this problem.
bob clark at 2/28/2012 11:56 AM

Re: Cyber Intrusions Into Air Force Computers Take Weeks to Detect

This story shows how we have NOT learned, after all these years, to protect and manage the networks. We are still using decades old approaches and are NOT advancing on the elements of the 'net' with modern networking tools and processes. We are protecting the wrong things at the wrong places and wondering why we are in the state we are. Some have offered new ways and process but are vigorously ignored because it upsets the balance of ownership and progress.
Robert Benson at 3/5/2012 10:00 PM
