May 5, 2009

U.S. Cyber Infrastructure Vulnerable to Attacks


By YOCHI J. DREAZEN and SIOBHAN GORMAN

WASHINGTON -- The government is struggling to keep pace with the growing number of attacks on its computer networks, potentially leaving key military and civilian systems vulnerable to overseas hackers, senior U.S. officials said Tuesday.

At several hearings on Capitol Hill, officials from each branch of the armed forces said the nation's cyber defenses were being challenged like never before by sophisticated, well-organized efforts to disrupt important systems and steal classified information.

"Threats in cyberspace move at the speed of light, and we are literally under attack every day as our networks are constantly probed and our adversaries seek to exploit vulnerabilities," Lt. Gen. William Shelton, the Air Force's chief information officer, told a House Armed Services Committee panel.

The Pentagon's top information-security official, Robert Lentz, said the Defense Department detected 360 million attempts to penetrate its networks last year, up from six million in 2006. The Pentagon recently disclosed that it had spent $100 million in the past six months repairing damage from cyber attacks.

The officials declined to specify the source of the attacks, but top military and civilian officials believe that most of the hacking attempts originate in Russia and China, which have been pouring resources into cyber espionage in recent years. Russian and Chinese officials have denied any wrongdoing.

The hearings come amid growing evidence that sophisticated overseas hackers are regularly penetrating important U.S. networks. The Wall Street Journal has reported that overseas hackers breached both the nation's electricity grid and the Pentagon's biggest weapons program, the $300 billion Joint Strike Fighter.

"I'd like to say that our networks are secure but that would not be correct," said Army Lt. Gen. Keith Alexander, who runs the National Security Agency. "We have vulnerabilities."

The Obama administration recently completed a 60-day review of the government's efforts to protect key public and private networks. The administration is expected soon to appoint a new White House cybersecurity chief, though the final deliberations over the report have sparked internal White House turf battles.

[Robert Gates]

ROBERT GATES

Later this month, the Pentagon will create a new military "cyber command" to coordinate the defense of Pentagon computer networks and improve U.S. offensive capabilities in cyberwarfare. Gen. Alexander, who is expected to lead the new command, said it would ensure the Pentagon was capable of "evolving to meet and overcome" cyber threats.

Still, officials warned Tuesday that federal systems remain vulnerable to attack. Gregory Wilshusen, the director of information security for the Government Accountability Office, said most "federal systems are not sufficiently protected to consistently thwart cyber threats." Lax cyber security at the Los Alamos National Lab, for example, put unclassified nuclear data at risk of theft or compromise. The GAO found that in 2008, 23 of 24 major agencies surveyed didn't have adequate computer security protections in place.

Lawmakers at a House Energy and Commerce Committee hearing compared the government's inability to protect networks and acquisitions programs to the lapses that led to the fall of Rome.

That theme continued in the House Armed Services Committee. "The Joint Strike Fighter program highlights a vulnerability that currently exists," said Rep. Jeff Miller (R., Fla.).

Robert Carey, the Navy's chief information officer, said defense contractors needed to do more to protect their systems from overseas hackers. He said the attempts to steal information were "advanced, persistent, sophisticated, always changing and well-resourced."

Army Lt. Gen. Keith Alexander, who is expected to lead the new command, called for a "partnership" between the government and the private sector. He acknowledged potential obstacles, including the difficulty of giving private companies access to classified intelligence on specific cyber attacks and possible corporate reluctance to spend the money necessary to better protect its networks.

Many civil-liberties groups and companies are wary about giving the government broad access to commercial systems and networks. Pending legislation would establish federal standards for key elements of private industry.

Gen. Alexander said the government was training a new generation of computer network experts. In April, Defense Secretary Robert Gates said the Pentagon aims to quadruple the number of such staffers over time.

Still, Gen. Alexander cautioned that the current cybersecurity training efforts for military personnel, civilian officials and contractors were "inadequate" and "must be improved."

Source: http://online.wsj.com/article/SB124153427633287573.html

Other great sources of info. http://globalitandbusinessnews.blogspot.com/ http://globalbusinessnews.posterous.com/ http://kxlsyd.posterous.com/ http://twitterpulsepoll.posterous.com/ @globalnewsfeed - https://twitter.com/globalnewsfeed @pulsepoll -https://twitter.com/pulsepoll @kxlsyd - https://twitter.com/kxlsyd


Posted via web from Kxlsyd

No comments: