Cyber Intrusions Into Air Force Computers Take Weeks to Detect
A forensics investigation into a network breach lasts an average of 45 days, said Arthur L. Wachdorf, senior advisor for intelligence and cyber-operations for the 24th Air Force, the organization that operates and defends the service’s networks.
“That’s way better than we used to be, but that’s not tactically acceptable,” he told an AFCEA information technology conference in Tysons Corner, Va.
The Air Force needs hardware and software that leaves no back doors to the network open, officials said. Currently, if hackers find a hole they can unload “truckloads of information” without the service even knowing they were on the network, said Lt. Gen. Marc Rogers, inspector general of the Air Force.
Officials asked for industry help to improve the service’s ability to watch over the network and to detect and respond to unauthorized activity.
“We can do some but not enough,” Rogers said. “All of our cyber-moats and fort walls and locks and doors we build aren’t quite good enough.”
Companies looking for business opportunities in this arena should turn to Air Force Space Command.
“That’s where we’re going to spend our money,” said Lt. Gen. William Lord, chief of warfighting integration and chief information officer of the Air Force.
The service must standardize its configurations and operating systems across the board and develop tools that allow it to conduct remote inspections of assets across the network, officials said. Some Air Force computers are still running Windows 2000, which is nearly impossible to protect because it no longer receives the security updates that newer software does, Wachdorf said.
As the Internet attracts more users, the job to keep intruders out of critical networks becomes more difficult. Suddenly people have access to more information in a year than in the previous hundreds of years, and that has lowered the price of admission for war, Lord said.
“You’re no longer worried about some small nation’s army because four teenagers with a laptop connected to an [Internet service provider] can provide maybe a kinetic effect as a result of their non-kinetic activity a long, long way away,” he said.
In the past, officials would simply shut down the network when they spotted an intruder. That can’t be done now because most of what the Air Force uses in combat, from drones to GPS, relies on connectivity.
“The enemy is already in our network,” Lord said.
“It can’t take 45 days for us to figure out what the heck is going on in the network,” he said. “In some cases we only have seconds to react and that reaction may have to be automatic.”
The Air Force, like the other armed services, also needs “cyberwarriors” who can defend the network and even go on the attack.
The service recently put out a secret request for information to find out what ideas and products industry has for offensive cyber-operations.
But the software will have limited effectiveness without the proper work force, officials said. The pool of experts capable of performing the forensics work is small, Rogers said. The Defense Department’s Cyber Crime Center currently employs about 400.
The Air Force’s Office of Special Investigations has a staff of 3,200, each of whom the service plans to train in Internet investigations and forensics.