On December 8, 2011, Ellen Nakashima wrote for the Washington Post on a piece of malware that redefined how the United States looks at cybersecurity. The article takes an in-depth look at a worm called Agent.btz. In 2008, Agent.btz infected military systems through an ordinary flash drive. The circumstances of the initial infection are unclear, but Agent.btz ultimately made its way onto the classified SIPRNet and JWICS networks. According to the article, it wasn't until Agent.btz attempted to "phone home", that is, to reach out to the broader internet and transmit classified files, that US authorities took notice.
The article goes on to describe the joint effort between the military and the NSA to hunt down Agent.btz. That operation, called "Buckshot Yankee", required US military members to stop using flash drives for a period of time. Buckshot Yankee ultimately succeeded through a methodical, step-by-step process of finding and removing the worm from infected systems.
However, the story doesn't end with the neutralization of Agent.btz. The article points out that Agent.btz set off a major debate over the national response to cyberthreats and was a catalyst for the creation of U.S. Cyber Command. The episode also highlighted the turf wars between US government agencies over how they could, or should, respond to a cyberattack on US systems. Can the military take unilateral action within the US to protect civilian networks? What about civilian critical infrastructure? The article notes that the military, DOJ, CIA, NSA, DHS, and State Department all have competing claims to cybersecurity responsibility.
The debate is summed up quite nicely when the article quotes Gen. Keith Alexander, commander of U.S. Cyber Command and director of the NSA: “Right now, my mission as commander of U.S. Cyber Command is to defend the military networks . . . I do not have the authority to look at what’s going on in other government sectors, nor what would happen in critical infrastructure. That right now falls to DHS. It also means that I can’t stop it, or at network speed . . . see what’s happening to it. What we do believe, though, is that that needs to be accounted for. We have to have a way to protect our critical infrastructure.”
My summary can't possibly do justice to the depth of Nakashima's article, so I highly suggest you take a look; it's definitely worth the time.
The rest of the article can be found here.
William Snyder
And, this story is generating a massive response and debate, too. The number of people who have forwarded this Washington Post story to me is unprecedented. I think that part of what caught people’s attention are the sentences: “This article, which contains previously undisclosed information on the extent of the infection, the nature of the response and the fractious policy debate it inspired, is based on interviews with two dozen current and former U.S. officials and others with knowledge of the operation. Many of them assert that while the military has a growing technical capacity to operate in cyberspace, it lacks authority to defend civilian networks effectively.” By all accounts, those sentences are correct. Thus, this article goes right to the heart of the interdisciplinary issues that we try to address at http://www.cybersecuritylaw.us.