News

TRANSCRIPT

DoD News Briefing


Thursday, April 16, 1998 - 1:30 p.m. (EDT)
Mr. Kenneth H. Bacon, ASD (PA)

.................

Q: Ken, could you give us a bit of a readout on this war game, ELIGIBLE RECEIVER and what steps the Pentagon is taking to shore up computer security?

A: Sure. First is, ELIGIBLE RECEIVER is a game that was played by the Joint Staff last June. It tested our ability to deal with cyber attacks. It was directed only against our unclassified systems, not against classified systems, and it found that we have a lot of work to do to provide better security. We're not alone in this regard. Most businesses, many private institutions, many individuals have a lot of work to do in improving their ability to protect their computers and computer systems. But because of ELIGIBLE RECEIVER and the subsequent attack by hackers against unclassified computer networks earlier this year, John Hamre, the deputy secretary of defense, has launched a number of initiatives to improve computer security in the Pentagon.

The first is, of course, something that we achieved by holding ELIGIBLE RECEIVER, and in fact it was the point of ELIGIBLE RECEIVER which was to improve everybody's awareness of the threats posed to computer systems today. And ELIGIBLE RECEIVER I think succeeded beyond its planner's wildest dreams in elevating the awareness of threats to our computer systems.

Since then we've had a series of meetings with the Justice Department, with the Vice President's office and other agencies in the government to address, on a broad scale basis, issues of computer security. In this building in particular, we've appointed a Chief Information Officer, Art Money, who's going to become the Assistant Secretary of Defense for command, control and communications. He's been nominated to do that. He is in charge of being the main focal point for efforts to improve computer security across the military.

This is a daunting prospect. We have in the Department of Defense 2.1 million computers, 100,000 local area networks, and more than 100 long distance networks. Of course some of these are highly secure, and those are the ones that receive the most attention, but we've come to realize that we have to pay a lot of attention to just standard computer networks that transmit e-mail and other information such as payroll information, etc.

One of the things that Dr. Hamre did earlier this year was issue a memorandum directing that a number of actions be taken. One was, for instance, that every computer network in the Department of Defense has to have a named security officer, sort of a central point of contact to go to to deal with problems for that particular network.

There are a whole series of other efforts to develop better ways for detecting attacks. We're putting a lot of effort into better ways of detecting attacks against our computer systems. In the fiscal years 1999 to 2002, the Department of Defense will spend $3.6 billion to address computer security issues, so it's something we are devoting a lot of resources and a lot of time to, but we have a ways to go. I think we are making progress, and we will make progress at an accelerating rate as we grapple with the dimensions of this problem.

Q: Have there been any investigations on the apparent attempts to hack into the Special Operations Forces computer?

A: I'm not up to speed on that. We'll get somebody to look into that. I assume if we know of attempts to break into our computer systems we investigate them. That's one of the things we've talked about with the Justice Department.

One of the things we've looked at is ways to set up a better counter-intelligence system for detecting attacks and for going after the people who are making the attacks. In addition, we're trying to do a much better job of staying in touch with our teenage children and others to learn the latest hacker techniques so we can be one step ahead of them rather than several steps behind. But as all of you know, that's easier said than done.

But there are a variety of efforts across a wide spectrum of issues that we're taking here to improve computer security. Obviously this is a moving train. We've got two problems. We've got to make the switches as we continue to pump increasing amounts of important information over the computer systems. That's the first thing. And we have to keep up with technology that's changing very rapidly.

Q: Do you agree with the assessment that this could have drastically impacted the electrical grid in the country, number one? Have they had mal-intent? And number two, why did they not attempt to go into the classified, or to penetrate the classified systems?

A: There are tests done on a fairly regular basis against a number of the classified systems to make sure that they are in fact secure. By virtue of the fact that they are secure they receive much more attention.

I guess I'd rather not make apocalyptic statements about the electrical grid, but we did learn that computer hackers could have a dramatic impact on the nation's infrastructure, including the electrical power grid. That, of course, is why there's a whole commission set up to deal with that, the Commission on Critical Infrastructure.

One of the things that Deputy Secretary Hamre did back early this year when we were subject to attack by hackers, the unclassified systems, was talk to the President about this because the President and the Vice President are both very concerned about computer security and infrastructure stability generally.

efore a recommendation goes to the President and a decision is made.

................

Press: Thank you.