Spurred by the rising threat of hacking attempts, the Pentagon is rethinking its approach to network security by requiring top-secret security clearances for all system administrators.
The Pentagon also will roll out a system of authentication for all the agency's computer users, according to the Department of Defense's chief information officer.
"The strength of the U.S. is its information technology. The weakness of the U.S. is its information technology," said Arthur Money, Defense Department CIO and senior civilian official in the Office of the Assistant Secretary of Defense. Money spoke Monday at the 22nd National Information Systems Security Conference sponsored by the National Institute of Standards and Technology and the National Security Agency.
Increasingly, information that is considered "sensitive" but not officially classified, such as hospital records, aircraft dispositions and research laboratory findings, has become a vulnerable part of the Defense Department's arsenal of information. That's because of the ability of outside computers to assemble snippets of apparently harmless material into a valuable dossier.
During testimony before a Senate committee earlier this month, Michael Vatis, the top official of the FBI's National Information Protection Center, said that the agency suspected Russian officials of attempting to break into such sensitive information in Defense Department computers.
Money said the recently disclosed "Moonlight Maze" hacking attempts on the Pentagon were far more sophisticated than the January 1998 attack known as "Solar Sunrise," which was later traced to several American teenager hackers exploiting known vulnerabilities in Defense Department computers.
"This is no longer hackers, but a state-sponsored attack," said Money. "Over a year, the severity and the frequency has increased dramatically."
While mandatory top-secret security clearances are designed to combat such problems, the Pentagon is instituting an extensive public-key infrastructure that will allow DoD to better track possible security breaches.
The PKI rollout, to be conducted in face-to-face sessions with computer users, will begin with a few hundred thousand military officials. But its scope will eventually expand to cover nearly 7 million civilian and military personnel and contractors, Money said. He cited C.P. Snow, a British scientist who aided the country's military during World War II, who said: "Technology is a queer thing, it brings you great gifts on the one hand, but stabs you in the back on the other."
NEXT STORY: Government is the enemy no more