In the first on-the-record, official recognition that a foreign intelligence agency infiltrated sensitive U.S. military CentCom networks in 2008, Deputy Defense Secretary William J. Lynn III has revealed the source of the attack. And it was — drumroll please — a flash drive. A simple flash drive inserted into a military laptop at a location in the Middle East allowed malicious code to install and conceal itself on both classified and unclassified servers, opening them to foreign control.
The acknowledgement that such a simple process set off such an egregious breach of security highlights not only the danger that cyber threats pose, but just how fragile sensitive systems — the systems by which America makes war — can be.
In an article today in Foreign Affairs, Lynn presents new details about the DoD’s cyberstrategy as it pertains to seeking out threats within its own networks, and according to the WaPo he asserts that the Pentagon needs to make efforts to protect important industry networks as well. That means defending not only protecting dot-gov and dot-mil networks, but ensuring that private industries providing critical infrastructure are taking the proper steps to secure their own networks.
But what the Pentagon learned the hard way is also a timely reminder for the rest of us as well. Keep in mind that foreign flash drives are something like sailors during Fleet Week — there’s just no way to know where they’ve been or what they’ve been, ahem, uploading. Be safe out there.