A foreign computer intrusion two years ago reached classified Pentagon computer networks, prompting a reorganization of offensive and defensive cyberwarfare efforts, the commander of the new U.S. Cyber Command said Thursday.
Army Gen. Keith Alexander, who is also director of the National Security Agency (NSA), the electronic spying service, said in a speech that the compromise took place in late 2008 in what he described as “a serious intrusion into our classified networks.”
As a result, the Pentagon combined two cyberwarfare units under NSA to harmonize “offensive and defensive cybercapabilities” and build on NSA intelligence work on “understanding of the threat and the ability to respond to it,” Gen. Alexander said in a speech to the Center for Strategic and International Studies.
The four-star general provided no details on the classified information breach.
Pentagon officials said later that Gen. Alexander was referring to the compromise of classified networks through a computer “thumb” drive that planted a virus into classified networks in the fall of 2008.
The virus infection was reported in November 2008. However, Gen. Alexander’s comments disclosed for the first time that the virus infection was serious and reached classified computer networks, which have much higher levels of security than unclassified networks.
The Pentagon and military services in November 2008 temporarily banned all employees from using portable memory devices as a result of the compromise. The ban was lifted in February after the U.S. Strategic Command announced that it would permit limited use of portable storage media.
The drives, which are used to transfer and store information between computers, have become widely used by U.S. military and intelligence personnel around the world to share and move critical data.
The Pentagon now has identified flash drives that are approved for use in places such as Afghanistan and Iraq. Personal flash drives will continue to be banned for use with U.S. government networks.
While the origin of the computer virus was not identified, some U.S. intelligence officials said it was believed to have originated in China, one of the major cyberwarfare powers that is known to have dedicated military units engaged in developing viruses and malicious software.
Computer security specialists have said China’s cyberwarriors are expert at penetrating networks and stealing data, in addition to planting hidden software that permits future access that would allow for cyber-attacks during a crisis or wartime.
Gen. Alexander said an emerging threat to networks is sabotage, while most hacking in the past was aimed at stealing information.
“There are hints that some penetrations are targeting systems for remote sabotage,” he said.
Attacks like those that targeted the national networks in Estonia and Georgia were limited and allowed the system to continue operating, he said.
“But the potential for sabotage and destruction is now possible and something we must treat very seriously,” Gen. Alexander said. “And these threats are serious.”
Gen. Alexander said cyber-attacks place “our nation’s interests … in jeopardy.”
Technology that boosts productivity “also introduced tremendous vulnerabilities and created new challenges,” he said.
“America’s very wealth and strength make it a target in cyberspace,” Gen. Alexander said. “And one of the pillars of that strength, our military, is at risk, perhaps to an even greater degree.”
The military relies on a vast computer network for command and control, communications, intelligence, operations and logistics, he said. Currently, the military has more than 7 million machines linked to 15,000 networks, with 21 satellite gateways and 20,000 commercial circuits, he said.
Threats to the network come from an array of foreign states, terrorists, criminal groups and individual hackers.
Most of the thousands of attempted intrusions that take place each day against U.S. government computer systems are targeted at penetrating unclassified networks, which are used for a wide variety of communications, such as e-mail.
Classified data exchanged electronically is part of what the Pentagon calls the SIPRNET (Secret Internet Protocol Router Network) and a less-secret system called NIPRNET (Non-classified Internet Protocol Router Network).