[ISN] Army cyber ops faces forensic backlog

InfoSec News alerts at infosecnews.org
Thu Aug 21 02:13:15 CDT 2008


http://www.gcn.com/online/vol1_no1/46946-1.html

By Wyatt Kash
GCN.com
08/20/08

As the number of potential assaults on military information technology 
networks continues to escalate, so does the challenge of conducting 
forensic and attribution analysis in order to respond appropriately, 
said Col. Barry Hensley at the 2008 LandWarNet conference in Fort 
Lauderdale, Fla., this week.

"There are 360 million scans or attempted scans [per day] across the 
[Defense Department] network," said Hensley, director of the Army Global 
Network Operations and Security Center. But those scans are merely part 
of the noise that Army security specialists must deal with in analyzing 
a variety of incidents and potential assaults on military networks.

The difficulty, he said, is recognizing when an incident, like the 
accidental severing of undersea fiber optic cables in the Mediterranean 
Sea last year, is a disruption, a cyber attack or something more than a 
cyber attack.

One step toward improving responsiveness is "to know your network," 
Hensley said. He noted that 90 percent of the Army's LandWarNet network 
relies on undersea cable. But local land connections also present 
vulnerabilities, he said. He cited an incident where a garbage truck 
severed an overhead fiber cable, knocking out service for the Army's 
southern and northern continental command centers for nine hours.

[...]



