The Pentagon took an undisclosed number of computers offline on Wednesday after it detected a cyber-attack on its systems earlier this week, Pentagon spokesperson Navy Lt. Cmdr. Chito Peppler told the E-Commerce Times. This resulted in some of the Pentagon’s e-mail systems being taken down.
Peppler declined to say how many computers were affected, but he also added that he’s “not disputing” widely circulated reports that the number was in the vicinity of 1,500. He declined to offer any details about the attack, or to estimate when the computers might be brought online again.
‘Hundreds of Attacks’
“The reality is that the Defense Department is constantly under attack,” Secretary of Defense Robert Gates told reporters. “A variety of precautionary measures are being taken. We expect the system to be online again very soon.”
With “hundreds of attacks” made on it every day, the Pentagon does have redundant systems in place, Gates added, “and there is no anticipated adverse impact on ongoing operations.” Rather, the effect will be more a matter of administrative disruptions and “personal inconveniences,” he said.
Asked whether his own e-mail had been affected, Gates said, “I don’t do e-mail — I’m a very low-tech person.”
No further details on the attack were available.
Work to Be Done
“Federal agencies in general have had this issue where they’re so complex and big, and there are so many systems involved, that a lapse in any one of their security controls could lead to something like this,” Khalid Kark, senior analyst with Forrester Research, told the E-Commerce Times.
Frequent attacks are a matter of course for the Pentagon and other agencies “in the limelight,” Kark added, making thorough preparations essential.
Yet “I think there is still a lot of work that still needs to be done,” he said.
Specifically, much of the security focus at federal agencies has been on installing technologies and products to protect against breaches, with less attention to defining good processes around what is sensitive information and what needs to be done to protect it, Kark explained.
“You may have the best technology, but if someone doesn’t use it well, it could still open up a hole that could be exploited,” he said. “It has to be a combination of good technologies and processes, along with great security awareness so that people in these agencies are aware of the threats and what to do if they see something suspicious.”
For some federal agencies, efforts to create security awareness consist just of a single presentation every year, “and that’s not enough,” Kark added.
“At the Pentagon, they have to be a lot more conscious of the fact that information is absolutely sensitive,” he concluded, “and they need to ensure that they’re putting in all the necessary controls to protect it.”