Attack Detection in a Month

Tuesday, February 28, 2012 @ 03:02 PM gHale

In what seems like an eternity when answers are needed, it takes security experts more than a month to pull together information after a hacker penetrates Air Force computer networks. One month.

A forensics investigation into a network breach lasts an average of 45 days, said Arthur L. Wachdorf, senior advisor for intelligence and cyber-operations for the 24th Air Force, the organization that operates and defends the service’s networks.


“That’s way better than we used to be, but that’s not tactically acceptable,” he said at an AFCEA information technology conference in Tysons Corner, VA.

The Air Force is definitely not an industrial control system (ICS), but the question needs asking: How long does it take for a manufacturer to get answers on how an attacker got into the ICS?

The Air Force needs hardware and software that leaves no back doors into the network open, officials said. Currently, if hackers find a hole they can unload “truckloads of information” without the service even knowing they were on the network, said Lt. Gen. Marc Rogers, inspector general of the Air Force.

Officials asked for industry help to improve the service’s ability to watch over the network and to detect and respond to unauthorized activity.

“We can do some but not enough,” Rogers said. “All of our cyber-moats and fort walls and locks and doors we build aren’t quite good enough.”

The service must standardize its configurations and operating systems across the board and develop tools that allow it to conduct remote inspections of assets across the network, officials said. Some Air Force computers are still running Windows 2000, which is nearly impossible to protect because it no longer receives the security updates newer software does, Wachdorf said.

As the Internet attracts more users, the job of keeping intruders out of critical networks becomes more difficult. Suddenly people have access to more information in a year than in the previous hundreds of years, and that has lowered the price of admission for war, said Lt. Gen. William Lord, chief information officer of the Air Force.

“You’re no longer worried about some small nation’s army because four teenagers with a laptop connected to an [Internet service provider] can provide maybe a kinetic effect as a result of their non-kinetic activity a long, long way away,” he said.

In the past, officials would simply shut down the network when they spotted an intruder. That can’t happen now because most of what the Air Force uses in combat, from drones to GPS, relies on connectivity.

“The enemy is already in our network,” Lord said.

“It can’t take 45 days for us to figure out what the heck is going on in the network,” he said. “In some cases we only have seconds to react and that reaction may have to be automatic.”

Companies looking for business opportunities in this arena should turn to Air Force Space Command.

“That’s where we’re going to spend our money,” said Lt. Gen. William Lord, chief of warfighting integration and chief information officer of the Air Force.
