FEATURES & COMMENTARY
Bethesda, MD. — Defense Department pleas to computer hackers to quit mischief-making appear to be falling largely on deaf ears, making spotting potential national security threats more difficult, a top Pentagon expert said.
Despite recent appeals, “we’re not seeing any diminishing” of the pace of attacks on Defense Department systems, said Richard Schaeffer, who heads the cyber-security office in the Pentagon arm responsible for command, control, communications and intelligence.
Last year, a total of 22,144 “attacks” were detected on Defense Department networks, up from 5,844 in 1998, Air Force Maj. Gen. John Campbell, then vice director of the Defense Information Systems Agency (DISA), told Congress in March.
So far this year through Aug. 4, a total of 13,998 such “events” have been reported, according to Betsy Flood, a spokeswoman for Arlington, Virginia-based DISA, which provides worldwide communication, network and software support to the Defense Department.
Updating the statistics in reply to a query from Reuters, she defined “events” as probes, scans, virus incidents and intrusions.
Schaeffer, at a Bethesda, Maryland, “Web Defense” conference on business solutions to cyber-crime, said the government would like to take hackers “out of the equation as much as we can” to make it easier to track cyber threats possibly tied to foreign foes.
Asked whether he expected recreational hackers to comply with the Pentagon request, he replied: “Probably not,” even though, he said, the Pentagon was crying “uncle” and telling hackers “you got our attention.”
Along with representatives of the armed services and federal law enforcement authorities, the Pentagon called on cyber vandals last month to turn their talents to defense.
Assistant Secretary of Defense Art Money urged hackers at an audience at “DEF CON 8.0” in Las Vegas to join the government or private industry and get on the “defense side.”
Once an underground event, the eight-year-old DEF CON computer hackers convention drew 5,000 people.
Schaeffer attributed the jump in reported attacks on Defense Department systems between 1998 and 1999 partly to improved intrusion-detection procedures and technology, along with stepped-up awareness and reporting.
But the “sophistication” of attacks was also increasing, he said, and the often-present “noise floor” from computer hackers “makes it a whole lot easier for (a serious threat) to slip in.”
He said the Pentagon was highly confident that its classified systems had never been penetrated by hackers, thanks to very strong access controls, and that only unclassified networks had been pierced.
Richard Thieme, a Milwaukee-based consultant on human dimensions of technology who chaired the panel at DEF CON at which the Pentagon made its appeal, said all but 1,000 of last year’s reported attacks were attributed to recreational hackers.
Schaeffer, in an interview with Reuters, said it was “highly probable” that at least some of the 22,000 attacks last year were mounted by foreigners probing U.S. security gaps.
But he said he had never seen anything purporting to document any such effort by China, often cited by U.S. national security experts as probably actively involved in developing offensive cyber weapons.