February 23, 2011: Defending government and military networks from hackers is complicated by the fact that there are many different types of attackers, who try to wheedle their way into networks for many different reasons. It's important for the defenders to quickly identify what kind of hacker is coming at them. Depending on the threat, a different type of response is required, and you want to ID the most dangerous threat early on, and get all over it.
These days, most of the attacks are from criminals. The rest are from various types of "recreational hackers." Some are competent, but most are strictly amateur hour. The people you have to worry about are the crooks. You can forget about the spammers, except the small percentage who use attachments (documents or PDF files) meant to infect your computer with a secret program that will steal information, or use your PC to send more spam. Spies and Cyber War operators will use attachments to steal secrets, or bury attack software even deeper into your networks, to be unleashed in wartime to wreck your networks.
Most government and military networks have pretty good defenses against spam and their attachments. So the big danger is the hacker who scans your system, gets a general idea how it is connected to the Internet, and then comes in personally to pick their way through your defenses. These operations can be spotted, if you watch carefully, because of their persistence. As a professional hacker encounters a well defended system, the highest priority is collecting information about how the system is put together. With that knowledge, it's much easier to find a way in. All the while this is going on, the attackers are spending a lot of time trying to remain hidden. If the attackers are discovered, they will often not know it right away. The defenders will then try to find out where the attackers are coming from. That's very important, especially if the defended system is a defense contractor (involved in, say, building the F-35 or nuclear subs), and not a government or military operation. The latter will almost always be under attack by a foreign nation. China is the usual suspect here, and the Chinese spend less effort on hiding their tracks (which is costly and time consuming) these days. But a corporate spy type hacker will often be in the same country, and much more concerned about remaining hidden and unidentified. If a Chinese attack is exposed, no one gets arrested and the Chinese government just denies everything. But if corporate spies get found out, arrests and prosecution may follow.
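The persistence signal described above, as an added example that is not part of the original article: a small Python routine that groups constructed firewall deny-log lines by source address and flags sources whose probing spreads across several days and several distinct targets (the "low and slow" pattern), while ignoring a short single-day burst. The log format, thresholds and addresses are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample deny-log lines (not from the article):
# timestamp  source IP  destination IP  destination port
SAMPLE_LOG = """\
2011-02-10T02:14:07 203.0.113.7 10.0.0.5 22
2011-02-10T02:41:33 203.0.113.7 10.0.0.9 443
2011-02-11T03:02:51 203.0.113.7 10.0.0.12 8080
2011-02-12T01:55:10 203.0.113.7 10.0.0.5 3389
2011-02-13T04:20:45 203.0.113.7 10.0.0.21 445
2011-02-10T09:00:01 198.51.100.4 10.0.0.5 80
2011-02-10T09:00:02 198.51.100.4 10.0.0.5 80
2011-02-10T09:00:03 198.51.100.4 10.0.0.6 80
"""


def parse_log(text):
    """Parse the assumed four-field log format into (timestamp, src, dst, port) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return events


def persistent_sources(events, min_days=3, min_targets=4):
    """Return sources whose probing spans at least min_days distinct days AND
    touches at least min_targets distinct (host, port) pairs.

    A single-day burst from one source never qualifies, however noisy it is;
    a source that comes back day after day, each time touching something new,
    is the patient reconnaissance the article describes.
    """
    days = defaultdict(set)      # src -> set of dates seen
    targets = defaultdict(set)   # src -> set of (dst, port) probed
    for ts, src, dst, port in events:
        days[src].add(ts.date())
        targets[src].add((dst, port))
    return sorted(src for src in days
                  if len(days[src]) >= min_days and len(targets[src]) >= min_targets)


if __name__ == "__main__":
    print(persistent_sources(parse_log(SAMPLE_LOG)))  # ['203.0.113.7']
```

In practice the thresholds should be tuned against a baseline of known scanners and monitoring systems so that routine noise does not drown out the one source that keeps coming back.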
The appearance of the Stuxnet worm last year, after having spread undetected for a year, made it clear why the government-supported Cyber Warriors, although rarely encountered, were the most formidable threat to Internet security. Those in charge of American military networks would agree, even without any inside knowledge of Stuxnet, because they have been coping with growing Chinese attacks over the past decade. No one took credit for Stuxnet, but the two primary suspects are the United States and Israel, and there's some evidence that they cooperated on this one.
While Stuxnet is the most formidable known example of Cyber Warfare, especially since it attacked a network not even attached to the Internet, the most formidable attack probably remains unknown. That's because the best attacks strive to remain hidden, even after they have done their work. Undetected hacks can be reused, plus the victim doesn't know what they have lost, or if they do, they don't know how. So no matter how devastating a network penetration you might hear about, it's probably not the worst one out there.