Defense Department infrastructure still vulnerable to cyber-attacks, critics say.

• Author: Insinna, Valerie

The Defense Department knows how to fight a kinetic war with bullets, bombs and boots on the ground, but it is still figuring out what a cyberwar would look like and how it would be fought.

[ILLUSTRATION OMITTED]

With rules of engagement due out this year that will govern how the military operates in cyberspace, officials asserted that they are closer than ever to making network offense and defense a normal part of military operations. However, security analysts and industry officials say there is still much work to be done, including hardening its networks, beefing up security practices and recruiting talented computer specialists.

There is no guarantee that the U.S. information technology infrastructure would stand up to a full-spectrum cyber-attack by a sophisticated enemy, said a January report titled, "Resilient Military Systems and the Advanced Cyber Threat" by the Defense Department's defense science board task force.

Lou Von Thaer, one of the report's authors, described how such an attack could affect a Navy ship at sea.

"Your common operational picture ... suddenly becomes distorted. Real targets disappear, being replaced by phantom targets in different locations," Von Thaer, who is also president of General Dynamics Advanced Information Systems, said at the Navy League's Sea-Air-Space Exposition in April. "Critical databases on the ship are compromised. The main gun's fire control system has been hijacked and is aimed at your ally.

"Can you stop it from firing? Your supply chain is corrupted, your fuel is ordered to the wrong GPS coordinates. How do you get your ship and sailors out of harm's way or into the mission that you need to execute?" he asked.

Von Thaer admitted his examples were overdramatic but asserted that small Defense Department teams were able to accomplish similar feats using only software downloaded from the Internet.

His task force spent 18 months studying the resiliency of Pentagon networks by compiling information from these exercises and more than 50 briefings from department and military personnel, industry officials and academia.

Using "exploits"--computer software or code named for its ability to take advantage of a system's vulnerabilities--the red team hackers were able to infiltrate Defense Department networks in short order, the report said.

"Such penetrations could seriously impede the operation of U.S. forces by degrading network connectivity, corrupting data and gaining intelligence," the report...