“Our belief is their motivation in Category 1 and Category 2 intrusions is to enable a foreign adversary to deny our president, Joint Chiefs of Staff (and military services) that network-centric warfare option,” said Thomas Reardon, chief of the intelligence division with Army Network Enterprise Technology Command/9th Army Signal Command.
“If we are going to bet the farm on network-centric operations and we allow those kinds of intrusions to persist, we’re putting it all at risk.”
Categories 1 and 2 indicate “enemy incoming” and suggest that a hacker has penetrated to the administrative or root level, or that an unauthorized person has gained access to “nonprivileged” information, Reardon said.
Categories 5 and 7 are generally inadvertent risks caused by authorized military personnel, such as installing a Trojan horse through a virus infection or neglecting to install a patch.
“We’re seeing now commanders taking action about these things,” Reardon said. “But it is not yet locked into Army doctrine.”
A working group inside DOD is looking at ways to mitigate the cybersecurity threats, Reardon said, and to expand on the National Industrial Security Program Operating Manual, guidance that puts restrictions on classified contracts but not specifically on information technology. “NETCOM is trying to get the working group to extend the definition” to anyone doing work that connects to DOD’s Global Information Grid.
“It is national policy that we use foreign vendors if it is to the benefit of the federal government,” Reardon added. “It’s not a question that we’re going to stop using this stuff, because we cannot. We just have to mitigate the risks.”