DoD Unveils New Cyber Defense Strategy
Deputy Defense Secretary William Lynn III, in an article to be published by the journal Foreign Affairs, writes that a flash drive inserted into a laptop on a military post in the Middle East in 2008 caused the most significant breach of military computers.

Malicious code placed on the drive by a foreign intelligence agency uploaded itself onto a network run by the U.S. Central Command, according to the article. "That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control," Lynn says in the article, as quoted by the Washington Post. "It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary."

Lynn's decision to declassify an incident that Defense officials had kept secret reflects the Pentagon's desire to raise congressional and public concern over the threats facing U.S. computer systems, experts told the newspaper. In 2008, the Los Angeles Times reported that the incursion might have originated in Russia. After the breach, the Pentagon banned the use of flash drives, a policy that has since been modified.

Lynn writes that DoD implemented Operation Buckshot Yankee to counter the virtual attacks. The Pentagon, he says, "has begun to recognize its vulnerability and is making a case for how you've got to deal with it."




Around the Network