GovInfoSecurity reports on a flash drive that breached the US Department of Defense
Deputy Defense Secretary William Lynn III, in an article to be published by the journal Foreign Affairs, writes that a flash drive inserted into a laptop on a military post in the Middle East in 2008 caused the most significant breach of military computers.
The incident is now being declassified. Lynn says this is to increase awareness of threats. However, we know that malware spreads from flash drives. The real news is here:
That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control
Lack of segmentation between classified and other systems? While it is nice that a Deputy Defense Secretary would come forward with details that say the military did not manage security well, just to educate congress, perhaps there is another motive.The story reads less about threats of sophisticated malware and more about poor segmentation controls.
The more I hear and read the military focus the discussion on “threats” the more I wonder if they are trying to stir fear in American politics to establish control or at least major influence over Cyber Command.
This is the new political landscape. I see it as a career-related move on their part (they want to be seen as the new generation of leaders) as much as an organizational fight with civilian leadership.
I asked the esteemed panel at DefCon about this and their response was “No one thinks that…. Howard Schmidt is a civilian.” I guess that makes me no one, because I still think that these military-led presentations are not a token of mere goodwill but rather part of some political process. The breach review should include threat analysis but the vulnerabilities are often more interesting; I hope we will soon find out why military leaders left classified systems so easily exposed.
Update: More on this topic in Civilians giving away too much control of US CyberSecurity?