The appearance of new online threats this year requires a streamlining of the US government's approach to the Internet, according to senior officials at the US Department of Defense (DoD).
The DoD blocked and traced 60,000 intrusion attempts on its unclassified networks in 2004, and wrestles with spam, illicit pornography and other common Internet threats. If left to fester the threats could hamper the massive defense agency, which relies on global, unclassified networks for critical business operations, said Lieutenant General Harry Raduege, director of the Defense Information Systems Agency.
Raduege was speaking at the Department of Defense Cyber Crime Conference in Palm Harbour, Florida, an annual gathering of some of the government's top IT, computer forensic and research and development talent.
The DoD is taking the threat to its networks seriously, as global information networks now play a crucial role supporting troops abroad, as well as critical logistics, financial, and medical information systems that the DoD relies on to support its employees and to communicate with suppliers in the U.S. and abroad, he said. "The importance of reliable, accessible networks is growing as we move to a netcentric world," he said.
Larger, more open networks provide more opportunities for malicious hackers or terrorist groups to infiltrate those networks, stealing sensitive information or wreaking havoc on DoD operations, he added.
The DoD is drafting new policies to respond to a number of threats that are well known to many private sector network administrators, including peer-to-peer file sharing applications, and vulnerable computer communications ports and protocols. It is also working to develop a list of IP addresses for a "do not block list" so critical DoD communications are not accidentally blocked by ISPs and other organisations.
Networks that contain classified information are not connected to the public Internet and are not affected by the same threats that affect unclassified department networks.
A re-organization approved by the Joint Chiefs of Staff in November should make it easier for the government to co-ordinate its response to cyber threats and create more discipline on DoD networks by creating clear lines of command from the US Secretary of Defense, to the DoD's Strategic Command, to the various branches of the military, Raduege said.
Asked whether the public should feel confident that the government is on top of cyber crime, Raduege said that the government's preparedness to deal with online threats had improved dramatically since the first "Solar Sunrise" exercise in the late 1990s. "We're good. We're very good," he said.
With the theme of "Cyber crime: overcoming the challenges of new technology," the 4th annual DoD Cyber Crime Conference brought together 500 experts in technology, law and computer forensics to discuss ways to improve computer investigations, protect government networks from attack and co-ordinate the response to computer threats across the huge military and defense sectors.
The conference offered a diverse set of mostly closed-door sessions, with topics such as "Cyber Jihad and the Globalisation of Warfare" and "Current Trends in Digital Forensics".
Child pornography has become a huge problem for DoD investigators, accounting for as much as 50 percent of the criminal digital evidence processing work done by the DoD's Defense Cyber Crime Center (DC3), said Steven Shirley, executive director of DC3.
The proliferation of inexpensive digital cameras and scanners has caused instances of child pornography to mushroom in the military, as elsewhere in society, said Jim Christy, director of the Defense Cyber Crime Institute at DC3.
Other hot topics at the show were techniques for capturing and analysing data from a flood of new digital storage media, including iPods, GPS devices and portable USB memory sticks, Christy said.
Government investigators working on cases, ranging from homicides to espionage, need to be aware of the wide range of new places that valuable information could be stored, he said.
"Twenty years ago, investigators used to walk right past the desktop computer when they were gathering evidence. Now they know enough to seize that, but we've got to get them to be aware of these other devices," he said.