We Have Met The Enemy, And It Is Us
August 30, 2006: The U.S. Army has faced up to the fact that, in Cyber War, they have met the enemy, and it is us. For example, in the last ten months, there were sixty cases where hackers penetrated army networks. These all took place at fifteen army bases in the United States. As bad as that was, there were also 6,100 cases where sloppy work by soldiers allowed viruses, Trojan horses and other malware to get onto an army network. While most of these automated hacks were not looking for classified information, or collecting information for later, wartime, attacks on the army systems, they did penetrate the army defenses.
Foreign Cyber War organizations apparently have become aware of this major weakness, and are now launching email attacks on people with .mil email addresses. This gets the attackers into military networks, where the attached virus or worm can turn army PCs into zombies, at least until a diligent army systems administrator comes along searching for this sort of malware.
The sixty deliberate hacker attacks (that succeeded, and were detected) may have done more damage. But the 6,100 penetrations due to sloppiness or ignorance (poorly trained computer users and systems administrators) are potentially the largest vulnerability. When you count the reserves (which you have to, as the reservist troops have access to most army networks), the army has over a million users, thousands of major networks and over half a million PCs (and over a million computers, although not all of them are on networks, yet). You can pile on all manner of hardware and software defenses on the most critical systems, but with so many poorly trained users and systems staff, you always have a huge vulnerability to contend with. And this is the vulnerability that Cyber War operators are increasingly concentrating on.