Mario Balakgie
Chief Information Assurance Officer
Defense Intelligence Agency
Department of Defense

before a hearing 
of the

Subcommittee on Government Management, 
Information, and Technology

July 26, 2000

Computer Security: 
Cyber Attacks - War without Borders


Thank you, Mr. Chairman and members of the Subcommittee. I am honored to be here and pleased to have this opportunity to speak on the issue of cyber threat and response.

I am the Chief Information Assurance Officer for the Defense Intelligence Agency (DIA). I manage the Information Assurance Program of the Defense Military Intelligence Community, a function of our Agency's Chief Information Officer. I have been involved with this program for approximately eight years and have gained practical insight regarding the cyber security response in the new world of the Information Age. I will be presenting what DIA views as issues and challenges for information assurance of our global information infrastructure.

The Defense Military Intelligence Community is comprised of the intelligence organizations within the Services and Commands. These organizations are global in mission and interact as a single community in which DIA has lead role for military intelligence production. This community is also a member of the National Intelligence Community.

Role of Information Technology

Defense intelligence uses information technology as an integral tool to perform our intelligence mission of collection, analysis, production, and dissemination. We operate in a globally interconnected and interdependent series of networks with high-speed links providing real-time data, video, and voice capabilities. This network infrastructure is secured from end to end and transmits sensitive intelligence information to our senior decision-makers, operational forces, and affiliates. The employment of information technology has been a key enabler to our success and has provided a tremendous return on our investment, but not without taking on a proportional risk to the security of our information infrastructure.

Because of our intelligence mission and the inherent sensitivity of our work, we were at one time protected simply through maintaining network isolation and separation from the rest of the world, and sometimes even within our own Intelligence Community. Such an isolated mode of operation completely changed with the introduction and subsequent invasion of networked computers at virtually every level of our intelligence business. The new interdependent environment has brought about both opportunities and risks to our information infrastructure. This means our response to computer threats is now very different from the traditional approach, given that a single attack can potentially affect an entire information infrastructure. Today's technological dimension not only requires a coordinated response but also necessitates active defense, meaning offensive actions must be taken to preempt cyber attacks.

Information Assurance

Information Assurance is the function of protecting and defending information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. More than ever before our Information Assurance business is essential as we contend with unsurpassed challenges (threats as well as opportunities) to our information infrastructure.

Given the risks and the fact that weakness in any portion of our network is a threat to the operational readiness of all connections, our Information Assurance goal is to ensure the continuous availability of our systems and networks. The technical strategy that underlies our Information Assurance program is Defense-in-Depth in which layers of defense are used to achieve balanced, overall protection. Defense-in-Depth maximizes our ability to protect information and defend our network infrastructure through the implementation of layers of security solutions. The security layers are a combination of technical (hardware and software) capability, policy, and operations. Our overall strategy for Information Assurance is to achieve enterprise-wide infrastructure protection, with our defense layers guaranteeing delivery of accurate, reliable, and timely information.

Opportunities and Threats

The last several world crises demonstrated our extraordinary reliance on the information infrastructure. Defense intelligence relies on global networks to support deployed forces involved in current crises, as well as pre- and post-operations. In providing vital information to the warfighting units, the information network has become a combat power. However, our reliance on the network and system strength can become a point of vulnerability. Consistent and well-defined Information Assurance objectives are key to defending the network infrastructure and ensuring our ability to successfully conduct military operations.

We are challenged because the environment is constantly changing as a result of threats. System and network vulnerabilities are continuously discovered on the Internet, and these same vulnerabilities can be used to exploit our information networks. Although intelligence systems operate in a secure environment, they are comprised primarily of the same commercial-off-the-shelf products used in unclassified environments, and are subject to the same vulnerabilities.

Another significant threat area is that of the insider. An insider is anyone who currently has, or has in the past been, authorized access to a government information system. These can be military members, federal employees, or employees of the private sector. In a recent example, an investigation concluded that the insider threat accounted for 87% of identified intrusions into Department of Defense information systems. This is truly alarming. It is a concern for all government organizations, and it requires immediate preventive actions for mitigating the threat. These measures include strengthening personnel security, detection of and response to problems, and protecting information assets.

There are a number of information assurance activities that will continue to be challenging in the dynamic world of technology and cyber security response. By concentrating on a few basic tactics we can, however, make progress in implementing effective short-term proactive measures to protect the infrastructure. These priority security measures address the immediate threats we face today. The Defense Intelligence Community is concentrating its resources on five defensive areas as part of our efforts to institute a comprehensive and effective coordinated defense.

Risk Management as a Business Process: A critical factor is our ability to identify and mitigate risks to our information infrastructure. Herein lies the role of risk management for aiding us in understanding infrastructure vulnerabilities and making important decisions as to what is or is not an acceptable security posture. Risk management is integral to the information technology cycle and must be incorporated as a business process.

People Focus: The most important element of our Information Assurance program is the human factor. Personnel -- both users and information technology professionals -- are the first line and most important defense. Information Assurance professionals responsible for security management must be trained and certified with a prerequisite level of skills and competencies. While we can implement sophisticated security technology, without trained professionals who understand the technology, even our best security defenses will not be effective.

Mitigate Insider Threat: Minimizing the potential damage by an insider requires specific strategies that are part of an active security program. This includes identifying critical information, establishing trustworthiness, strengthening personnel security, detecting insiders, and taking corrective action.

Implement Intrusion Detection Systems: Implementing intrusion detection systems provides attack sensing and preempts serious incidents. However, intrusion detection technology has not yet advanced to the stage of detecting and responding to a sophisticated, organized attack[er]. Additionally, there are challenges in supporting the operations of intrusion detection systems, since they require a skilled individual who can quickly and accurately distinguish an anomaly from an attack.

Vulnerabilities and Exploits Awareness: We are faced daily with new vulnerabilities to our systems and networks. Many of these vulnerabilities are exceptionally dangerous and cause significant concern. To further challenge us, many of these exploits are publicly discovered and globally distributed via the Internet. Our response is to be diligently aware of vulnerabilities via public and private security advisories and to take offensive action to mitigate potential exploits.

Response Challenges

Technology has brought us to the point where global interconnections of the information infrastructure are a permanent and irreversible business aspect. This reality incorporates threats for all infrastructures. Hence the realization of shared risk. Effectively addressing the threats and vulnerabilities to systems and networks requires a constant level of sensitivity and awareness to computer attacks, exploitation techniques, and coordinated response.

There are several obstacles in coordinating a response. These include conflicting protection policies as well as conflicting authorities over the information infrastructure. At the least, this makes execution of defensive actions difficult. The "worldwide" nature of threats -- attacks from anywhere at any time -- is also a reality. Not only are these attacks difficult to detect but, more importantly, they present an attribution problem when sophisticated attackers are involved. Additionally, our reliance on commercial-off-the-shelf products places our infrastructure at risk because much of the vendor software contains publicly known [exploits] that are then used against us. Finally, the interconnected world that provides valuable information sharing capabilities also presents the means for conducting large-scale attacks with tremendous speed.

Improving coordinated responses between the private and public sectors is essential since both are stakeholders of the national, critical infrastructures. These are the same infrastructures that are vulnerable to the same threats mutually faced by all today. To succeed in protecting our information networks, both the private and public sectors must work together and coordinate efforts in planning and responding to the constant challenge of information protection.

Recognizing the need for coordinated response, the Department of Defense has stepped out aggressively to address a global, computer network defense. The United States Space Command and its Joint Task Force for Computer Network Defense (JTF-CND) was established with the primary mission for coordinating such responses. JTF-CND's mission is to coordinate and direct the defense of Department of Defense computer systems and networks. This includes the coordination of defensive actions with non-Department of Defense government agencies and appropriate private organizations.

Response to computer security threats is indeed a challenge and should not be misconstrued as a one-time issue. Hence, we must commit to the information assurance mission with constant vigilance in protecting the information infrastructure. This demands skilled people and crucial security technology for defending our global systems and networks. For maximum results our defensive efforts must be comprehensive in nature and include coordinated strategies between the private and public sectors.

The business of information infrastructure protection is a never-ending journey. We have attained several goals for improving our ability to defend the network, but there is much that remains to be achieved. The challenge is continuous, incorporating the dynamics of technology and the global magnitude of the infrastructure. This perpetual challenge is best characterized as a business of risk management balanced against threats, vulnerabilities, and ultimately the return on our investment.
