In a single case this summer, an attack by hackers disabled a reported 1,500 Pentagon computers. And the siege is continuing. The Defense Department detects 3 million unauthorized "scans"—or attempts by would-be intruders to access official networks—on its computers every day, according to a Pentagon spokesman. Now the Bush administration, worried particularly about computer attacks from China, is aiming to beef up American defenses. According to officials in the cybersecurity industry, who like several sources quoted in this article did not want to be named discussing confidential programs, the White House is quietly preparing a major "cyberdefense" initiative to be announced later this year.
It won't be the first such effort. Shortly before the U.S. invasion of Iraq, the White House announced a new cybersecurity strategy that eventually foundered, according to Roger Cressey, a former counterterrorism adviser in both the Clinton and current administrations. Given the recent success that hackers have had penetrating U.S. government networks, says Cressey, a new campaign to bolster security is "overdue."
The hackers are hunting for vulnerabilities at government agencies both in the United States and abroad. A European security official says that investigators have succeeded in identifying attackers who hit computers in the office of a European head of government: specific units of the Chinese military—the People's Liberation Army— in Shanghai and Beijing. But the official says that when Chinese leaders were confronted about the case, they denied any involvement.
The new U.S. program is a work in progress. But measures under consideration include giving authority to the National Security Agency to monitor private computer systems—which could prompt new domestic-spying concerns—and purchasing network routers that are more secure. Spokespeople for the NSA, the director of National Intelligence and the Pentagon—all of whom are expected to play a role in the new plan—referred questions to the Department of Homeland Security. DHS spokesman Russ Knocke also declined to discuss any forthcoming computer security plan.