Here's an interesting cyber nugget from yesterday's Senate Armed Services Committee hearing with U.S. Transportation Command chief, Air Force Gen. William Fraser: TRANSCOM, responsible for the global movement of U.S. military forces and their supplies, is the most attacked of all the military's combatant commands, suffering almost 180,000 cyber attacks in 2012, according to Fraser.
"We are -- and the best as I can tell, continue to be -- the most attacked command. In fact, as I testified last year that in '11 we had over [44,000], nearly 45,000," said Fraser in response to a question from committee chairman Sen. Carl Levin. "This last year, in 2012, that it actually had quadrupled. It is an area that we have significant concern, but we have taken a lot of action, and it is not in one area. We're taking a holistic approach as we work this specific issue."
Update: A TRANSCOM spokeswoman just provided additional info about the attacks to Killer Apps.
"The overwhelming number of events involving USTRANSCOM are low-severity, nuisance scanning and probing activities, but there have been events involving advanced persistent attempts to access USTRANSCOM systems," said command spokeswoman Cynthia Bauer in an email. "The command follows the DOD Cyber Incident Handling Program, which defines a computer network event as malicious or suspicious cyber activity against DOD reported in nine categories."
Fraser didn't elaborate on the types of attacks during the hearing -- they could be anything from spear-phishing aimed at collecting information to something more sophisticated, who knows. He did, however, say that none of these attacks had resulted in "significant intrusions to our network." He attributed this to the command's efforts to shrink the number of places where outsiders can access TRANSCOM's network and to require businesses working with the command to have a minimum level of cyber security. The command isn't waiting for legislation requiring defense contractors to practice good IT hygiene; it is mandating it via contract.
"We began to write into our contracts the need for more cyber-awareness, cybersecurity," said Fraser. "And so what we started doing then was last year in the springtime writing into our contracts the need for us to have an understanding of what their information assurance plan is. We were not directive in this, but we wanted to know what are you doing to protect your network?"
The command is also requiring contractors to tell it when their networks have been penetrated. (If that sounds familiar, it's because the 2013 NDAA requires something similar for all defense contractors.)
"When we got those types of reports [about contractors' networks being breached], we have a process and procedure by which we would ensure that law enforcement is advised, that we would offer any assistance that we have, and then we would stand up a team to determine what impact this might have had to our operations," said Fraser.