A troubling and persistent malware infection at Creech Air Force Base was kept secret from senior Air Force cyber security officials for weeks while IT staff in the affected unit at Creech struggled to eradicate it, according to a report by Wired.com.
The Air Force’s cyber security specialists only learned of the keylogging Trojan after reading news reports about it online. The Trojan was observed logging the keystrokes of remote pilots controlling drones in flight over Afghanistan, Pakistan and other countries.
The report from Wired’s Threat Level blog cites an unnamed source involved with Air Force operations as saying that the issue has now been escalated to the highest echelons of the Air Force and that an investigation into the incident is ongoing.
But the communication breakdown already reveals some of the obstacles the U.S. military faces as it tries to respond to a wave of sophisticated attacks on its networks and classified information systems.
Information technology and cyber security are still handled separately by each of the military’s four branches: the Army, Navy, Air Force and Marines. And, while the U.S. has a newly minted Cyber Command to act as a unified defense structure for the military’s networks, the incident at Creech suggests that day-to-day operations are still very much a local matter, handled by base- or unit-level cyber teams, with no formal system for reporting or escalating incidents up the chain of command.
The infection at Creech is just the latest evidence that the U.S. military is struggling to manage its sprawling IT infrastructure. A Government Accountability Office (GAO) report in July found that the U.S. Department of Defense’s efforts to unify its cyber security operations have serious gaps and that the Department is “unprepared to meet the current threat” of cyber attack. In it, the GAO takes the Pentagon to task for failing to develop a uniform doctrine to govern its cyberspace operations, and for lacking the command and control authority necessary in the event of an attack.