The Washington Post reports that the US Deputy Defense Secretary has publicly acknowledged what is being described as the most significant breach of U.S. military computers.
The cause was a flash drive inserted into a U.S. military laptop in the Middle East in 2008.
And the consequence was that the malicious code, which had been placed on the drive by a foreign intelligence agency, uploaded itself onto the network run by the U.S. military’s Central Command. Apparently, the code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control.
This disclosure was apparently part of a deliberate strategy to raise the awareness of the US Congress and the American people of the cyber-threat being faced by the USA. Apparently, the Pentagon’s 15,000 networks and 7 million computing devices are being probed thousands of times daily and the US Government’s concern is that cyberwar is asymmetric and that traditional Cold War deterrence models of assured retaliation do not apply to cyberspace, where it is difficult to identify the instigator of an attack.
The problems faced by the Pentagon are no doubt faced – on a smaller scale – by the UK Ministry of Defence and the British armed services. I do not, however, detect a similar openness about the threat by the UK’s Coalition Government – perhaps because the strategy to address the problem is nothing like as well-developed as it should be.