NEWPORT, R.I. -- Noting that a cyberterrorist attack could have grave consequences on the battlefield, the Army's top information security officer said Tuesday that the military must take a more proactive approach to defending its critical information systems.
"It is conceivable, in theory, for a hacker sitting in his easy chair to get inside a tank," Col. Thaddeus Dmuchowski, director of the Army's Information Operations Assurance Office, said during a conference sponsored by the National High Performance Computing & Communications Council.
"We can't wait for the next attack to happen," Dmuchowski said. "We have to be proactive. And in order to be proactive, we have to have as much imagination as those who would do us harm."
Dmuchowski's imagination prompted him to stop all simulation exercises about two weeks ago, when he learned that the Army was accessing its simulation software--which replicates potential battlefield situations--through an unclassified network.
If imaginative, tech-savvy adversaries had hacked into that network, Dmuchowski said, they could have gleaned crucial data about the Army's combat strategies, and figured out how to cripple critical communications systems. "What good is your test and evaluation, if the day you deploy for real, you come to a grinding halt?" he said.
Dmuchowski said cyber attacks against the Army's critical systems are rising dramatically each year. In fiscal 2001, there were 14,641 incidents--or attempted break-ins--and 98 actual intrusions, or successful attacks. By contrast, in fiscal 2000, there were 5,516 incidents and 64 intrusions.
But he noted that the vast majority of those intrusions were preventable. "Ninety-eight percent of all intrusions are against known vulnerabilities that should have been fixed," Dmuchowski said.
In an effort to eliminate those vulnerabilities, the Army is modernizing its entire communications security infrastructure. "We're trying to build a more robust system," Dmuchowski said. "But we need more people, and the hardware's got to be updated. And there are some big costs to that."
The Army also is taking steps to strengthen its information technology workforce through college internships, advanced degree scholarship programs for service members, and other training and education programs. "Academia is where we get the proactiveness we need to stay ahead of the bad guys," Dmuchowski said. "So we're spending a lot of time doing that."
The Army also is spending a lot of time patching existing weak spots in its critical networks, only to see new ones show up almost immediately.
"Fortunately, we're finally getting there," Dmuchowski said. "But we're still playing catch-up."