AC use nearly halves DOD network intrusions, Croom says

http://www.fcw.com/article97480-01-25-07-Web






CAC use nearly halves DOD network intrusions, Croom says
BY Bob Brewin
Published on Jan. 25, 2007
Related Links

DOD battles increasingly virulent cyberattacks

DOD battles spear phishing

DOD bars use of HTML e-mail, Outlook Web Access

Find more related news in the policy section.
------------------------------------------------------------ -----------
-
FCW.com job search
Hot Topics

Find events presentations, source documents and other online resources
on the Defense Hot Topic page.

Vendor Solutions
Find white papers, vendor presentations and other technology solutions
in the Government IT Resource Center. Access now (registration
required).
Newsletters

Subscribe to the Defense newsletter to receive all the latest in news,
features and online resources.

FCW.com Blogs

FCW reviewers share their perspectives on the latest trends and
gadgets in the Tech blog.
COLORADO SPRINGS, Colo. -- Although there are 6 million probes of
Defense Department networks a day, successful intrusions have declined
46 percent in the past year because of a requirement that all DOD
personnel log on to unclassified networks using Common Access Cards,
Air Force Lt. Gen. Charles Croom, said in a speech at the AFCEA
SpaceComm 2007 conference.
DOD has battled increasingly sophisticated attacks against its
networks in the past year, and reconnaissance and attacks still
continue 24/7, said Croom, director of the Defense Information Systems
Agency and commander of the Joint Task Force for Global Network
Operations.
It is essential to use CACs, which electronically verify a user's
identity, to access unclassified DOD networks because 75 percent of
that traffic also moves across the public Internet, he said. Croom all
but ruled out use of Outlook Web Access by remote users because of its
poor security. The software's use in DOD will require approval from a
three-star general, he said.
Croom added that the number of successful socially engineered e-mail
attacks against DOD users - a practice known as spear phishing - has
declined 30 percent in the past year due to increased security
awareness training. All department employees and contractors who use
DOD networks were required to complete spear phishing awareness
training as of this month.
DOD has already issued 10 million CACs to users of DOD networks, which
include the National Guard, active and reserve forces, and
contractors, Croom said. This accounts for 91 percent of all users on
the unclassified networks. Use of CACs and public-key infrastructure
tokens eliminates the need to use passwords, which Croom said is the
major problem in protecting DOD networks.
Passwords can be harvested automatically by keyloggers or from notes
people stick on their computers, Croom said.
When asked if the DISA and JTF-GNO plan to relax restrictions against
the use of Outlook Web Access by Guard and reserve units, which do not
have the infrastructure to support the use of CACs, Croom was
unrelenting.
DOD networks are weapons systems that must be protected to support
vital combat and logistics missions, and Guard and reserve units need
to access them securely, Croom said. He suggested these units develop
a virtual private network infrastructure that can support CACs.