DoD News Briefing


Thursday, February 10, 2000 - 1:30 p.m.
Presenter: Rear Admiral Craig Quigley, DASD PA

ADM. QUIGLEY:

..........

Q: Can you bring us up to date on the Pentagon and the military's concern about the recent computer hacking attacks, whether or not you guys have been attacked, whether you're concerned, whether you've warned your people, if you have or you haven't, then, you know, why? The whole update on what you see.

ADM. QUIGLEY: Certainly. The Department of Defense has been very concerned for years on the growing use of computers, a strong sense on our part that we need to be aware of potential hacking into the DOD computer systems, and then to be able to defend against some of those attacks; both to note when they're taking place and to defend against the attacks in the first place.

In regarding the events of the last few days here, certainly, we've been watching that with great interest. We have a facility here in the Washington, D.C. metro area -- it's actually a part of the U.S. Space Command, which has the responsibility for computer network defense, but it's physically located here in the District -- that is monitoring Defense Department computer networks. We watch what's going on in networks around the Department. And we have not been susceptible -- we have not been the victim of the denial-of-service attacks that have hit e-Bay and Yahoo! and others in the last few days. Boy, it's something we're watching very carefully, but we have not been hit with that.

Now, today, the Defense Department is putting out a message to all facets of the Department, saying that we're asking for network administrators around the department to take a look at the computers on their networks and to take a look at the drives to see if someone has planted some of this denial-of-service tools on the drives of Defense Department computers. We're doing that to see if any of our own computers could have unwittingly been a part of the denial-of-service regime that is being used to clobber some of the other servers on these other systems. But so far, we have not seen anything. We certainly continue to watch.

Q: Do you have any assessment as to why you haven't been attacked, when in the past you guys have sort of been first in line to be hit?

ADM. QUIGLEY: No, we don't have a real good feel for that. We think we've done a good job, over time, in taking a very prudent look to the creation of networks, to the setting up a system of monitoring and defense of the networks. But I wouldn't hazard a guess as to why not.

Q: One last question. What would you say is sort of the best countermeasure you can offer in terms of it's well known publicly, that, you know, for example, you have ways of countering when people do try and hack into you, because you've successfully diverted attacks in the past. If something were to happen, what would be a couple of options you could then pursue to keep yourselves up and running?

ADM. QUIGLEY: Well, I would say first and foremost, it's just simply awareness; just be on your toes and be aware of what's happening. Monitor your systems, know how they're working, and note changes. But there are a variety of means, if you detect anything from a simple hacker to a concerted effort to bring down and clog a server, like we've seen here the last few days, your options are many. I mean, you have existing defensive systems that you have in place. You can take a service offline. You can divert the traffic coming in to a server to another server. You can call and block a particular signal coming in to a computer and say, I'm not going to accept e-mail, or whatever, from that computer anymore. And you can be quite selective or quite broad brush in the techniques that you use to defend an individual server.

Pam?

Q: Could you amplify what you said -- you were taking a look at the drives in DOD to see if somebody is using the DOD computers as a portal by which to attack other computers.

ADM. QUIGLEY: Yes. Yes.

Q: And how many -- when did this -- is it a directive, is it a memo that went out? Is it just a message?

ADM. QUIGLEY: It's a message. And we don't have any evidence, I must be quick to point --

Q: And when did the message go out?

ADM. QUIGLEY: Today. Today.

Q: Okay.

ADM. QUIGLEY: I don't think it's gone out yet. It will before close of business today. And it takes -- it directs the entire Department of Defense to take a look at its systems and read what's on those drives to see if, unwittingly, someone has placed that denial-of-service tools on one or more of DOD's computer systems.

Q: And that denial of service --

ADM. QUIGLEY: And if so, then, as we understand the process that's taking place, those computers would be involved in actual attacks, then, on others -- the Yahoo, the eBay, the what-have-you.

And so if we find it, we'd take it down, we'd remove it, et cetera. But first it's awareness.

Q: Why are you all doing this, Craig? Are other government agencies doing it, or do you have specific reason to believe that the Pentagon might have done it?

ADM. QUIGLEY: I don't know on the first part of your question, Charlie, if other elements of the federal government are doing this. But from our perspective, I mean, the Defense Department is the federal government's biggest single user of computers. And we want to make sure that we are -- we have no reason to suspect that any of our systems are, in fact, involved in this. But we also are not sure until we check. And so that's why we're calling for a check on the part of all of our system administrators.

Q: Could you clarify one other point, then? When you say "DOD-wide" is that, in fact, all the services worldwide since there are DOD networks --

ADM. QUIGLEY: Oh, indeed. Yes. All the services, Defense agencies, all elements of the Defense Department.

Q: Can you also --

ADM. QUIGLEY: Jeff?

Q: If I understand the way these attacks work, it appears as if the invasion is coming from a zillion different places, it's hard to pinpoint exactly the source of the attacks because everybody's trying to get into your system at once. Is the department able, if such a thing were to occur, to isolate that so that the rest of us who might have a good reason and, indeed, that folks around the world who are a part of the military who have a good reason to be into the system can get in, or would, in fact, you just have to pull your systems off-line?

ADM. QUIGLEY: I won't purport to be a subject matter expert in this regard. But it's my understanding that it is such a massive assault when it occurs that it basically clogs your system so badly that you cannot discern from a legitimate request for information as opposed to a hundred different computers asking for all the information all at once. The servers try to comply with the request and they just get bogged down in the sheer volume of the requests for information.

Q: So if someone tries to do this or if there's a group trying to do this, the department would be vulnerable.

ADM. QUIGLEY: Yes.

Yes, sir.

Q: Can I follow up on that? If you have concern that your servers are being used as the host to launch an attack against other websites, those websites may now have put up defensive mechanisms. They could turn around and shut off your servers, could they not? Are you concerned about that?

ADM. QUIGLEY: I think first things first, okay? If you find it, if we take a look at our various many, many different computer systems and you find any of them, you would simply remove it from the drive on that computer.

And then -- I'm talking like it's a very simplistic task, and it is not, but at the end of the day, that would be the effect, Barbara. It would simply be removed. And that computer would no longer, then, be the source of the attack on another computer.

Q: I'm sorry, are you talking about hard drives on individual computers?

ADM. QUIGLEY: Yes, or servers that are serving a network or something of that sort, Bob.

Yeah, Tammy?

Q: Craig, how long do you anticipate this check is going to take? And can we get a copy of this message being sent out?

ADM. QUIGLEY: As of the time -- yes, we can get you a copy of that. I don't believe it will be classified. We can take a look at what portions might be classified. But I think you can still get the gist of it from the portions. As of 15 minutes ago when we started the brief, we had not put a time limit on it. I think that was still a work in progress.

Q: Sir, did the folks at JTF Computer Network Defense see any of these attacks develop? They do monitor the civilian networks too, right?

ADM. QUIGLEY: Well, no, they're monitoring our networks. It's a scanning of the Defense Department networks. And in this regard, on the issue we're talking about here, we're an element of and working very closely with the national office, run by the Justice Department, of the infrastructure protection -- NIPC. I don't remember the definition of the term. One second. National Infrastructure Protection Center. Yes. NIPC.

Yes, sir? You had a question?

Q: Yeah. Is there even a hint, the slightest hint that this actually could have -- an attack actually has happened from a DOD computer system?

ADM. QUIGLEY: No. No. We have not felt the attack, and we have nothing to suspect that any of our systems have been used as agents, if you will, to make the attack. We just think it's a prudent thing to check, particularly because of the numbers involved.

Bill?

Q: Yes. Admiral, if I could go on to another subject, about the article today in the Times about North Korean missile components being shipped by jumbo jet to very interested clients, especially Iran. Do you have anything you can say in comment about this particular matter or this particular article?

ADM. QUIGLEY: Well, it's an issue that we have expressed our concern about many times, from here and the State Department and various levels of the government. The proliferation of weapons of mass destruction and the means to deliver them is a concern to us.

It's something that we monitor very closely around the world and we care very much about. All I can say in this regard is that we'll continue to watch it and express our concerns.

........

Some computer security people have suggested that every time you go in and fix a computer, there is always the potential of something bad being introduced in some way, that that is one threat. Has there ever been any inkling that in all the tremendous amount of remediation you did, that anything bad got in?

ADM. QUIGLEY: No. We don't have any indication of that. And let me just throw one more thing in.

That was a period of time that we were so focused, and looking so carefully and so intently with checks and double-checks on the system -- I certainly won't promise that it's impossible -- but I would think that very unlikely, given the amount of attention that was focused on that topic at the time.

Q: This check you are going to do -- are you instructing people to stay away from certain sites? For example, I am sure there are people in the department who have bought books at Amazon. Is there going to be any instruction to "don't do that right now," or, "Don't do a search on Yahoo! right now"?

ADM. QUIGLEY: No, I don't -- I mean, I'll -- we should wait until the actual message comes out, Dale. But it's my understanding that that's not the thrust of the direction. It is to check our own systems, again with the purpose being to see that to the best of our ability, that our own systems are not being used, unwittingly, to assist attacking other systems.

Q: So you're not telling your people to stay away from certain sites?

ADM. QUIGLEY: Not that I know of; I am not aware of any such direction.

Q: One more on the computer thing. If you had no indication, then why -- who thought of the idea to even check?

ADM. QUIGLEY: Our C3I folks thought that it was simply the right thing to do given the scope of the Defense Department's investment in computer systems and networks. And all things considered, being very much aware of what's going on in the United States the last couple, three days, this, they felt, was just a prudent check to do. And they have been widely supported here within the building.

Q: And has DOD done any consulting with any of their companies, since you guys have the joint task force in Computer Network Defense -- (inaudible)?

ADM. QUIGLEY: I don't know, Pam. I would have to check with Space Command on that one.

Q: Thank you.

THIS TRANSCRIPT WAS PREPARED BY THE FEDERAL NEWS SERVICE, INC., WASHINGTON DC. FEDERAL NEWS SERVICE IS A PRIVATE COMPANY. FOR OTHER DEFENSE RELATED TRANSCRIPTS NOT AVAILABLE THROUGH THIS SITE, CONTACT FEDERAL NEWS SERVICE AT (202) 347-1400.