The Pentagon has ordered all troops and officials involved in protecting computer networks from enemy hackers to undergo training in computer hacking themselves.
A Feb. 25 update to a directive on information security from the office of the assistant defense secretary for networks and information integration requires workers involved in what the Pentagon calls computer-network defense to be certified in understanding as many as 150 hacking techniques.
The new training requirement comes as the Pentagon is moving ahead with creation of a new Cyberwarfare Command at Fort Meade, Md.
The certification will be carried out by specialists at the private International Council of E-Commerce Consultants, known as the EC-Council, which conducts what it calls “ethical hacker” training.
The council’s president, Jay Bavisi, said the updated directive is the first time the Pentagon acknowledged publicly that it conducts hacker training.
The certification will be carried out during intensive, five-day sessions that tests a computer defender’s understanding of the mindset, tools and techniques of enemy hackers, who according to the Pentagon, conduct on a daily basis thousands of attempted computer attacks on defense networks alone.
“To beat a hacker, you must think like one,” Mr. Bavisi said in an interview.
Computer-network defenders are part of a new system of cyberwarriors being developed that must stop hackers, a threat that can range from sophisticated foreign militaries to criminal organizations to teenagers.
Other computer warriors are engaged in offensive computer-network attack operations.
Mr. Bavisi said computer security officials will be certified in understanding known hacker techniques, which have increased from 63 to 150 methods, each one of which can involve hundreds of underground hacking tools.
“Hackers are always inventing new ways to attack, and we teach the good guys how the bad guys do it,” he said.
Mr. Bavisi said America’s traditional military power is facing a “dangerous crossroads” in the digital era. “The space race may be over, but the cyberrace has just begun,” he said. “Cyberwar is a looming threat that could have devastating consequences for the U.S. government, not to mention the nation’s infrastructure and private business.”
The director of the Pentagon’s Missile Defense Agency warned recently that the threat from missiles is growing, and the military is responding with a major buildup of missile-defense forces.
“We cant get the genie back in the bottle … the threat is growing and proliferating … it is inherently unpredictable, and we need a flexible missile-defense program that is responsive,” Army Lt. Gen. Patrick J. OReilly said recently in commenting on release of the Ballistic Missile Defense Review report.
The agency released an update last week on its programs in an internal newsletter called Trajectories that outlined deployment plans for new ground- and sea-based missile defenses around the world.
By October, the U.S. military will have 30 ground-based missile-defense interceptors in place that are capable of knocking out long-range missiles. Three-stage, solid-fuel Interceptors with non-explosive warheads currently are based at Fort Greely, Alaska, and Vandenberg Air Force Base, Calif.
Additionally, over the next two years, the military will add 10 Aegis-equipped missile-defense warships to the 19 ships currently deployed, mainly in the Pacific. A total of 20 ships with 61 SM-3 interceptors will be in place by the end of the year.
Also being added this year are 26 new Terminal High-Altitude Area Defense systems, known as THAAD, the Army’s new ground-based missile defense. THAAD is considered a major step up from the current Patriot PAC-3 defenses.
To better link global missile defenses, new command-and-control software is being added. The upgrade will improve worldwide and space sensors for missile defense.
Phase one of the new “adaptive” missile-defense plan for Europe will be deployed this year. It includes deployment of Aegis ballistic-missile ships with SM-3 missiles and forward-based sensors to track enemy missiles.
The adaptive system is a replacement for the ground-based interceptor (GBI) base in Poland that was scrapped amid objections from Moscow.
Recent missile-defense testing has been mixed. A key success, however, was the Feb. 11 first flight test of the Airborne Laser, a Boeing 747 that fired a beam weapon and destroyed a simulated short-range missile. It was the first time a laser successfully attacked and destroyed a missile shortly after launch.
A Jan. 31 flight test of a long-range GBI missed its target missile, and an investigation is under way to find out why.
The Obama administration has ordered U.S. counterintelligence agencies to step up efforts to stop foreign spies from stealing secrets and data through computer attacks on both government and private-sector computers and networks in the search for intelligence.
The recently declassified portions of the White House Comprehensive National Cybersecurity Initiative orders creation and implementation of a “a government-wide cyber counterintelligence (CI) plan.”
The initiative stated that such a program is needed to coordinate counterintelligence against foreign cyberspies among all federal agencies. Specifically, the activity will “detect, deter and mitigate” spying in both U.S. and private-sector information systems.
It calls for better training and employee awareness of cyberspying threat and to “increase counterintelligence collaboration across the government.”
The initiative revealed that the federal government currently lacks such a cross-agency counterspy program, despite the growing threat of cyber-espionage.
“We’ll never have an effective government-wide cyber-counterintelligence effort until we have a government-wide, nuts-and-bolts counterintelligence capability,” said Michelle Van Cleave, a former senior counterintelligence policymaker.
“And that doesn’t necessarily mean deploying computer whizzes sitting at their keyboards. Sometimes the best counter to a cyberattack may be a human penetration. All the parts need to work together.”
A report made public in July by the office of the National Counterintelligence Executive stated that “cyberthreats are increasingly pervasive, and several key adversaries have drastically expanded their computer network operations for intelligence collection and military use.” Foreign spying against BlackBerrys and iPhones also increased, the report said.
Globalization of computer use and constantly changing cyberspying techniques have made it more difficult to detect and prevent intrusions, the report said.
The report made no mention of specific nations engaged in cyberspying, but U.S. officials have said China, Russia and Iran are among the most aggressive in using their intelligence services for spying by computer.
Don’t ask timeline
Defense Secretary Robert M. Gates this week put out an interesting timeline for meeting President Obama’s promise to end the military’s ban on open gays.
Mr. Gates issued a four-page memo to Army Gen. Carter Ham and Pentagon General Counsel Jeh Johnson, who are leading the policy review, on how he wants them to study of the repeal’s impact on combat readiness, reports special correspondent Rowan Scarborough.
His order reads, in part, “determine any impacts to military readiness, military effectiveness and unit cohesion, recruiting/retention, and family readiness that may result from repeal of the law and recommend any actions that should be taken in light of such impacts.”
Mr. Gates wants the report done by Dec. 1, which is significant because it means Congress will not vote on whether to repeal the ban until members see the report. Military committees in Congress also likely will want to hear from the report’s authors and the Joint Chiefs of Staff to determine how it affects their opinions.
By Dec. 1, the Joint Chiefs’ most ardent opponent of lifting the ban will likely be retired. Gen. James T. Conway, the Marine commandant, was sworn in Nov. 13, 2006. Service chiefs typically serve one four-year term, so his successor would testify at any post-report hearings. Ban proponents will have lost a strong voice.
The Dec. 1 date also means a lame-duck Congress following the November elections would debate the issue. Democratic leaders may force a ban repeal vote at that point, especially if they have lost seats, as polls indicate they will.
Moderate and conservative Democrats who lost re-election would not pay a political price if they chose to vote for repeal.