Insecure Pentagon sets poor example

PUBLISHED : Tuesday, 25 February, 1997, 12:00am
UPDATED : Tuesday, 25 February, 1997, 12:00am

The news that high-school students in Croatia broke into United States military computers is the latest in a series of Internet security incidents to hit the US Government.

The students hacked into military bases in locations as far-flung as Guam and ranging from an air force base to a nuclear installation, it was reported.

Initial reports suggested that the students would have had access to classified files during their hacking escapades into military cyberspace, although the Pentagon was quick to deny this, suggesting that only personal e-mails and 'sensitive' information was on machines connected to the Internet and that all classified information was on closed systems.

Whether or not classified information was accessed or not is not the point.

What seems more important here is that it was possible to break into systems containing sensitive information not intended for public consumption.

The Pentagon is an agency which has access to new communication technology, sometimes years before the rest of us get our hands on it.

It would seem logical, then, that its Internet security would be at least as good as other large corporations and businesses on the Net.

With this incident at the Pentagon and last year's hacking of the CIA home page on the Web, one has to wonder if government agencies in the US aren't lagging behind the rest of the Internet community when it comes to security for private data.

This is shocking when a well implemented firewall system can continue to allow staff at these military installations to access the majority of Internet information and services while effectively protecting core data against prying eyes.

Of course, there are exceptions to all security schemes, but the fact that these Croatian students broke into multiple installations in such a short time suggests that there is an overall lack of awareness or expertise about Internet security within the US military.

This may seem an entirely US-oriented issue, but it isn't. When a agency such as the Pentagon is shown to have been subjected to multiple security breaches involving the Internet in a short period of time, the public immediately jumps on Internet technology as the source of the problem.

Not understanding the technologies involved, they do not realise that this is more likely to symbolise poorly implemented systems rather than fundamental flaws in security technologies available to organisations using the Internet.

The end result is to add to the public caution about security on the Internet.

Will businesses or schools, governments or non-governmental organisations which were considering Internet connections now hesitate to take the leap because of the Pentagon incidents? It is possible, but hopefully the public will get the message that the Net does not have to be the frightening place that these horror stories suggest it might be.

With a little caution and prudence it is possible to provide full Internet connectivity, run a Web server and take advantage of the benefits of communication and information available on the Internet without putting internal information at serious risk.

Those who believe in the Internet need to get this message out.

After all, stories like the Croatian incident highlight rare cases which have happened to big-name organisations and do not reflect the norm or the way the Internet needs to be.