Truth About Computer Security Hysteria
AFOSI is clueless
Rob Rosenberger, Vmyths co-founder
Sunday, 21 November 1999
AFOSI IS CLUELESS. I can reach no other conclusion.
As you may recall, I described how a virus like Melissa impacts the U.S. military INFOCON system. Paranoid USAF officials won't disclose their computer threat status under the Freedom of Information Act — yet the Army posts the current terrorism threat status on the web for all to see. It doesn't matter if terrorists know the THREATCON but it's a national security risk if 14yr-olds know the INFOCON. Go figure.
I asked certain Air Force agencies, including AFOSI, to disclose any INFOCON status changes during the Melissa hysteria. AFOSI receives numerous queries each year, so it didn't surprise me to get a "we're backlogged" form letter. I half-expected one and I said so in my opinion piece.
Well! They finally processed my request. Remember: AFOSI agents investigate hacked Air Force servers. Military hacker-trackers should know all about INFOCON. They should know — but they don't. Check it out:
"We contacted personnel at the AFOSI Communication and Information Directorate to obtain information responsive to your request. No records identifiable with your request were located. No one is familiar with the term 'INFOCON.'"
"INFOCON" didn't ring a bell in the Communication and Information Directorate? This revelation stuns me. A fact sheet says AFOSI's "counterintelligence mission primarily is to counter the threat to Air Force security posed by hostile intelligence services and terrorist groups... This includes investigating the crimes of espionage, terrorism, technology transfer, computer infiltration and other specialized counterintelligence operations."
The Marines will let you read a key INFOCON document I quoted back in August. Air Intelligence Agency sent a printed copy of it when they denied my FOIA request. "CJCSI" in Reference A stands for "Chairman Joint Chiefs of Staff Instruction." The "CNA" in Reference B stands for "computer network attack." The "DODD" in Reference G stands for "Department of Defense Directive." INFOCON comes straight from the halls of the Pentagon — just down the road from AFOSI headquarters — and it "will be administered through the Commander, Joint Task Force for Computer Network Defense (JTF-CND), when the JTF-CND reaches initial operational capability."
Terrorist groups. Computer network attacks. JCS chairman. Directives. Instructions. Even a new JTF ... yet Jim Christy's alma mater doesn't know what INFOCON means. So much for our crack team of zoomie electron detectives. They inspired me to write a "Sun Tzu haiku":
Jarheads on the web
Hmmm. AFOSI runs its operations from Bolling AFB. Bolling's website got hacked in early 1998. Coincidence?
A savvy defense attorney could search for INFOCON ignorance, failures, and outright violations within a hacked military element. "Come now, lieutenant: you command the network administrators in your unit. Do you mean to tell this court you know nothing about DoD's warning/alert system for network defense?"
(Don't ask me for advice or testimony if you got caught rearranging DoD's electrons. I called you an idiot for a reason. Bon voyage! Tell your cellmate I said hi.)