the U.S. government on the overhaul o its computer securitystrategy. “Now they’re saying, ‘Oh, s--t.’”Adding to Washington’s anxiety, U.S. intelligence oi-cials say many o the new attackers are trained proession-als backed by oreign governments. “The new breed o threatthat has evolved is nation-state-sponsored stu,” says AmitYoran, a ormer director o Homeland Security’s NationalCyber Security Div. Adds one o the nation’s most senior mil-itary ocers: “We’ve got to gure out how to get at it beoreour regrets exceed our ability to react.”The military and intelligence communities have ngered the
V e e R
APRIL 21, 2008
Homeland Security Dept. last scal year,triple the number rom two years earlier.Incursions on the military’s networks wereup 55% last year, says Lieutenant GeneralCharles E. Croom, head o the Pentagon’sJoint Task Force or Global Network Op-erations. Private rms like Booz Allen arejust as vulnerable—and pose just as muchsecurity risk. “They have our inormationon their networks. They’re building ourweapon systems. You wouldn’t want that inenemy hands,” Croom says. Cyberattackers“are not denying, disrupting, or destroy-ing operations—yet. But that doesn’t meanthey don’t have the capability.”
shutting down ports
When the deluge began in 2006, ocialsscurried to come up with soware “patch-es,” “wraps,” and other bits o triage. Theeort got serious last summer when topmilitary brass quietly summoned the chie executives or their representatives romthe 20 largest U.S. deense contracts tothe Pentagon or a “threat brieng.” Sincethen,
has learned, the U.S.government has launched a classied op-eration called Byzantine Foothold to detect,track, and disarm intrusions on the government’s most criti-cal networks. And President George W. Bush on Jan. 8 quietlysigned an order to overhaul U.S. cyberdeenses, establishing12 distinct goals, according to people brieed on its contents.One goal in particular illustrates the urgency and scope o the problem: By June all government agencies must cut thenumber o tiny communication channels, or ports, throughwhich their networks connect to the Internet rom more than4,000 to ewer than 100. On Apr. 9, Homeland Security Dept.Secretary Michael Cherto called the President’s order a cy-bersecurity “Manhattan Project.” First, he said, the U.S. must“get our own house in order.”But many security experts worry theInternet has become too unwieldy to betamed. New viruses appear every day, eachseemingly more sophisticated than the pre-vious one. The Deense Dept., whose Ad-vanced Research Projects Agency (DARPA)developed the Internet in the 1960s, is be-ginning to think it created a monster. “Youdon’t need an Army, a Navy, an Air Forceto beat the U.S.,” says General William T.Lord, commander o the Air Force CyberCommand, a unit ormed in October, 2006,to upgrade Air Force computer deenses.“You can be a peer orce or the price o thePC on my desk.” Military ocials have longbelieved that “it’s cheaper, and we kill stu aster, when we use the Internet to enablehigh-tech warare,” says a top adviser to
an eVOLVInG threat
Major aacks o U.S. govrm as usry ovr yars
Ar Forc a navycomurs ar by malcous coa s ou a ol Su Mcro-sysms’ Solars orag sysm,ac s ow ry o— og. Som aacks arrou roug U Arabemras wl U.S. s rargor mlary aco iraq. turs ou aacks wr lauc by woagrs Clovral, Cal., aa isral accomlc wo callmsl “Aalyzr.”
Mac, 1998, 1999.
A-ackrs us scrs o ga accsso Wb ss a ds d.,nASA, ergy d., a wa-os labs across coury. Largacks o uclassf aa arsol. “A ms, o [or aa] was s Russa,” says asourc amlar w vsga-o. t sosor o aack asvr b f. t Russagovrm ay volv-m.