The Pentagon’s main battlefield intelligence network in Afghanistan is vulnerable to hackers — whether the enemy or a leaker — and the U.S. command in Kabul will cut it off from the military’s classified data files unless the Army fixes the defects within 60 days, according to an official memo obtained by The Washington Times.
The confidential memo says the Army’s Distributed Common Ground System (DCGS) flunked a readiness test and does not confirm the sources of outside Internet addresses entering the classified database.
The Sept. 5 warning from the U.S. command in Kabul is another blow to the intelligence network, commonly called “D-Sigs.” It already sustained a wave of criticism from soldiers saying its performance was unreliable and from the Pentagon’s top tester, who judged it as not operationally effective.
The notice was issued with the U.S. military on heightened alert against unlawful entry into classified computer networks, not only by the enemy but also by “friendlies” such as Army Pvt. Bradley E. Manning and former National Security Agency contractor Edward Snowden. Both illegally downloaded reams of classified data that got widespread dissemination in the media and, officials say, greatly damaged America’s security.
One of the common ground system’s key functions is to process data that helps analysts identify links between insurgents and uncover improvised explosive devices, the No. 1 killer of U.S. troops in Afghanistan.
Some in Congress have pushed to cut off D-Sigs funds and urged the Army to buy off-the-shelf commercial products that they say can do a better job in a war where intelligence is crucial to finding insurgents who operate among civilians.
Rep. Duncan Hunter, California Republican, is D-Sigs’ top critic on Capitol Hill and wants the Army to buy proven commercial intelligence analyzers.
“At some point, there needs to be some realization that solutions exist to all the things that can’t be done internally,” Mr. Hunter said Tuesday. “And through all of this, what’s most frustrating is that the men and women on the ground are the ones losing out, and that’s a real disservice to them and their mission.”
The warning order signifies that the command in Kabul does not believe the common ground system can defend itself against hackers at all times.
If D-Sigs is not fixed within 60 days, Army intelligence analysts will be barred from using it to sift through intelligence reports on the Secret Internet Protocol Router Network (SIPRNet), making the DCGS system significantly less useful.
The command memo cites four reasons for the threatened suspension. The most serious: DCGS failed, with a grade of “critical concern,” a readiness test by the Command Cyber Readiness Inspection at Bagram Air Base.
The memo also criticizes the Army’s program manager on how D-Sigs handles Internet Protocol addresses through which data are sent or received in the system. The Army also has not made the system compliant with operational guidelines established by the U.S. command in Kabul.
To avoid having its system cut off from the SIPRNet database, the Army must conduct weekly security vulnerability scans of each D-Sigs workstation to confirm that none has been compromised or penetrated.
The Army must rid DCGS of “private” IP addresses, which are difficult to trace in trying to determine who has entered the system, and convert to authorized “public” IP addresses, which are known to system administrators.
The Afghan command also wants a list of all IP addresses outside the network that require access to D-Sigs’ large collection of intelligence data.
The memo obtained by The Times does not say whether D-Sigs has, in fact, been hacked or sustained a security breach.
“DCGS-A continues to have repeated security failures. … DCGS-A currently can’t comply with DoD security regulations which is unfortunately increasing the chances that classified information may be compromised,” an Army intelligence analyst who requested anonymity to freely discuss security matters said in an email. “In my estimation, security breaches are more likely to occur because DCGS-A is not capable of providing computers that work or producing an audit trail.
“There were multiple DCGS work stations that crashed and they were always replaced with a laptop that was just as bad. It’s troubling to comprehend the lack of what DCGS-A provides to soldiers and how much it has cost the U.S. taxpayer.”
Members of the Army’s top brass steadfastly have defended D-Sigs, which has been in the works for more than a decade, as a giant leap in battlefield intelligence collection. The Army has presented to the media soldiers who operate D-Sigs and say it works great.
Its top defender is Gen. Raymond T. Odierno, Army chief of staff, who got into a spirited public debate with Mr. Hunter at a budget hearing this year.
“We have more capability today in our intelligence than we’ve ever had,” the general said. “I can go to 30 places that tell me [D-Sigs] is working tremendously. Is it perfect? No.”