The Pentagon is quietly, but quickly, moving to install the emergency Windows patch Microsoft issued last week on all military Microsoft workstations and computer servers. So says Rear Admiral Jan Hamby, a keynote speaker at the National Homeland Defense Foundation's cyber threats symposium in Colorado Springs.
Hamby recently took command of information security for the North American Defense Command, or NORAD, the 50-year-old joint U.S.-Canadian force that defends our continent against air, space and marine threats, as well as for Northcom, the six-year-old military group tasked with deterring terrorists attacks on U.S. soil and lending assistance during natural disasters.
She told me that the 2005 Titan Rain attack -- the one where Chinese cyber spies were found traipsing deep inside U.S. military systems -- served as a wake up call for the Pentagon. "It brought awareness of cyber threats to the broader military," she told me. "It got senior level attention. Security for our networks became a priority. And we're seeing the results of that today."
Military tech systems continue to be a magnet for cyber intruders. Hamby told me there has been a "surge" in attempts to penetrate military networks. But an obscure Department of Defense group -- the Joint Task Force Global Network Operations, or JTF-GNO in military-speak -- has emerged as the Pentagon's best securities practices champion. It was JTF-GNO that banned YouTube, MySpace and a dozen other popular web sites from military PCs.
And it is JTF-GNO that pushing aggressive patch management in the Pentagon. Hamby said she expects any day now to receive a "computing tasking order" with specific steps to push Microsoft's latest patch out to all PCs under her command, along with a deadline. "It's good process. It shows maturing from where we were five years ago, when we didn’t have a way to keep people accountable. Now we have good people and good practices in place and a reporting system."
That's more than can be said for many companies and organizations that typically take months to install security patches. Still, every speaker I heard at the conference on Wednesday hammered on reasons the bad guys targeting military systems are still running far ahead.
Hamby conceded as much: "We still have a ways to go. We are far enough into the journey to see the destination, and we're actually moving toward the destination, but it’s a long way off in the distance."Hamby's career track is worth noting. She got into tech security in 1995 as a combat systems officer aboard the USS George Washington. She has been focusing on tech security ever since. She won her admiral's star after serving as Director of Knowledge and Information Management of the Iraq multi-national force, and as Director of Global Operations for the Naval Network Warfare Command.
"For the first time in my career, I feel like we are getting our hands around this," the admiral told me. "The more we can demonstrate our resilience, the more we can cope with threats and fend off exploits, the more we create a deterrent effect."
By Byron AcohidoPhoto: Hamby (U.S. Navy)
Comments