Forwarded From: William Knowles <erehwon@kizmiaz.dis.org>
http://www.usatoday.com/life/cyber/tech/cte684.htm
WASHINGTON (AP) [3.22.99] - The military's key communications
infrastructure linking combat, intelligence and command forces is
dangerously vulnerable to attacks from cyberspace and requires urgent
changes in Defense Department policy, said a study released Monday.
The Command, Control, Communications, Computers and Intelligence systems,
known as C4I, is compromised by security problems and also by a military
culture prone to treating such problems as a lesser priority, the National
Research Council reported.
''The rate at which information systems are being relied on outstrips the
rate at which they are being protected,'' it said. ''The time needed to
develop and deploy effective defenses in cyberspace is much longer than
the time required to develop and mount an attack.''
Despite evidence of security lapses in C4I -- which handles communications
and warning tasks all along the chain of command -- the Pentagon's ''words
regarding the importance of information systems security have not been
matched by comparable action,'' the report said.
''Troops in the field did not appear to take the protection of their C4I
systems nearly as seriously as they do other aspects of defense,'' said
the report, which Congress ordered the Pentagon to commission in 1995. The
council is an independent organization chartered by Congress to advise the
government.
The report indicated the problems were due more to the Pentagon's
management of the systems than to the technology itself. It cited C4I
workers' lack of stature compared with traditional combat forces,
compatibility problems between the services and a need for more budget
flexibility on the matter from both the Defense Department and Congress.
In a statement, the Pentagon acknowledged that the U.S. military's
strength ''is our information technology,'' and that ''our dependence on
such assets, which may be subject to malicious attack, makes information
technology our weakness as well.''
It said that as the council's report was being prepared, the Defense
Department had already improved protection against computer attack by
implementing new programs, establishing a joint task force for computer
defense and expanding training of its information technology personnel.
But Kenneth Allard, an analyst who has written about C4I, said its
weaknesses are in part the fault of ''Industrial Age'' military
acquisition policies -- applying to computers as well as tanks, ships and
aircraft -- that give the services their own procurement duties.
Ships and tanks may perform different tasks, he said, but the Army, Navy
and other services need a single-standard computer system.
''Twenty-first century combat is the war of the databases, in which
information flows must go from the foxhole to the White House and back
down again,'' said Allard, a former Army colonel and analyst at the Center
for Strategic and International Studies who had not yet read the council's
report.
The report recommended:
Making C4I a greater budget priority in defense spending, with a
flexibility that can ''exploit unanticipated advances in C4I technology.''
Designating an organization responsible for providing direct defensive
operational support to commanders.
Funding a program to conduct frequent, unannounced penetration testing of
C4I systems.
Ensuring that programs are operable even if one part has been penetrated
by an adversary.
Emphasizing the importance of information technology in the military
leadership.
Establishing an Institute for Military Information Technology, possibly as
part of an existing body.
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Hacker News Network [www.hackernews.com]
Received on Sat Apr 3 10:53:55 1999