Despite Scare Talk, Attacks on Pentagon Networks Drop

Noah Shachtman
Noah Shachtman Former Brookings Expert, Executive Editor - The Daily Beast

October 28, 2010

Listen to the generals speak, and you’d think the Pentagon’s networks were about to be overrun with worms and Trojans. But a draft federal report indicates that the number of “incidents of malicious cyber activity” in the Defense Department has actually decreased in 2010. It’s the first such decline since the turn of the millennium.

In the first six months of 2010, there were about 30,000 such incidents, according to statistics compiled by the U.S.-China Economic and Security Review Commission. Last year, there were more than 71,000. “If the rate of malicious activity from the first half of this year continues through the end of the year,” the commission notes in a draft report on China and the internet, “2010 could be the first year in a decade in which the quantity of logged events declines.”

The figures are in stark contrast to the sky-is-falling talk coming out of the Beltway.

“Over the past ten years, the frequency and sophistication of intrusions into U.S.military networks have increased exponentially,” Deputy Defense Secretary William Lynn wrote in a recent issue of Foreign Affairs.

In his April Senate Armed Services Committee confirmation hearing, U.S. Cyber Command and National Security Agency chief Lt. Gen. Keith Alexander said he was “alarmed by the increase, especially this year” in the number of attempts to scan military networks for potential vulnerabilities. His NSA predecessor, retired Adm. Mike McConnell, took things three steps further, writing: “the United States is fighting a cyber-war today, and we are losing.”

The report cautioned that the drop in “malicious activity … may or may not represent a decrease in the volume of attempts to penetrate defense and military networks.” Instead, the Pentagon seems to be doing a little better job in securing its networks, ever since a relatively-unsophisticated worm made its way onto hundreds of thousands of military computers in late 2008.

During “Operation Buckshot Yankee,” the subsequent clean-up effort, military leaders found that they were unable to gather even the most basic information about how their computers were configured — and what programs might be living in their networks.

In response, implementation of a new, Host-Based Security System was accelerated, for better threat detection. Information security training and patch updates are mandatory. And there’s now a Cyber Command responsible for coordinating threat monitoring, network defense and information attack. Leaders now have “greater visibility of threat activity, vulnerability, and ultimately risk” into network threats, the report says. “Greater resources, enhanced perimeter defenses, and the establishment of U.S. Cyber Command” have all helped, as well.

Does that mean the Pentagon is suddenly safe from hack attacks? Of course not. Could some adversaries be in the process of trading malware quantity for malware quality? Of course they could. But, at least in this most basic of measures, there are indications that the threat to Defense Department networks may not be quite as overwhelming and unstoppable as some in the military brass have led us to believe.