Sunday, November 23, 2008

Pentagon Hit By Cyberattack

The original articles for the subsequent post can be found here and here.

According to two news articles from Foxnews.com, the Department of Defense--specifically, the Pentagon--has been the target of a serious cyberattack. The cyberattack has reportedly affected some of the 17 million computers that store sensitive information on the Global Information Grid. According to the articles, the cyberattack came in "the form of a global virus or worm that is spreading rapidly through a number of military networks." As a result of this attack by commercial malware, the use of external hardware devices such as flash drives, external hard drives, and DVDs has been banned.

As to the cause of this cyberattack, not many specifics are known. A rear admiral in the United States Navy has reportedly attributed the introduction of the global worm "to a service member with access to classified information [that] inadvertently loaded the virus onto his computer via a flash drive." This also explains why external devices such as flash drives have been banned. The authors of the malware--and the architects of the cyberattack--are as yet unknown. In fact, the cyberattack could have come "from a number of foreign countries, possibly Russia, though the military is dismissing earlier reports that China was the source of the threat."

Now that the Department of Defense has detected the virus, the next thing they need to do is follow the incident handling process described in class. Namely, they should contain the virus by removing the ways in which it is thought to have entered the network. I believe that the Department of Defense has done that very thing by prohibiting the use of external drives. They then must restore their systems to a "known good state," but the details of that may be difficult, since we do not know the extent to which the network has been damaged by this cyberattack. In restoring their systems to a "known good state," they may have to rebuild their systems entirely, or they may just have to redesign their information security environment. Finally, they must analyze how to prevent further such cyberattacks. That may require further restricting access to sensitive information, or permanently enforcing the ban on all external devices.

2 comments:

  1. What steps do security officials go through to track down the creators of a virus like this one? It must be incredibly difficult to find them. Also, if officials are able to catch them, what kind of punishment do they face for producing a virus?
  2. I have the same question as Brendan. How severe is the punishment for a crime of that magnitude? And what is the maximum number of years you could do for a cyber-crime?