The Most Significant - Ever

“the most significant breach of the nation’s military computers - ever”
It’s an interesting quote, isn’t it?
It’s made more interesting because it was made by U.S. Deputy Secretary of Defense William J. Lynn III, who published an article in Foreign Affairs magazine last Wednesday disclosing some information about the government network attacks from 2008. Apparently, the decision to declassify the information reflects the desire to raise the level of general concern over cyber threats to U.S. government networks. This is somewhat confirmed by a fair level of hyperbole and the couching of the article in very military terms; for example, the code “spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control.”
What we know for sure is that the incident woke someone up, because in November 2008 the US Defense Department banned the use of flash media on its systems.
Very few technical details are in the article. Lynn confirms Defense networks were infiltrated by malicious code that was traced back to a flash drive inserted into a laptop in an undisclosed location said to be in the Middle East. It is inferred the code was planted by a foreign intelligence agency.
What struck me most while reading press coverage was how devoid it all was of anything really useful. I’d have thought the “most significant breach ... ever” would be littered with real-world lessons and glimpses into the future of risk for the corporate marketplace. Instead we have the same old lowbrow problem of an end user plugging a USB stick into a box and a network admin who wasn’t expecting that.
