Every day, the Defense Department thwarts 36 million emails full of malware, viruses and phishing schemes from hackers, terrorists and foreign adversaries trying to gain unauthorized access to military systems.
Extrapolated over one year, the Pentagon’s receives 13 billion such emails, which are automatically scanned for suspicious content and other telltale signatures and “dumped on the floor” before they ever reach an inbox, according to David Bennett, director of operations for the Defense Information Systems Agency.
“The reality is we’ve got to get it right all the time, they only have to get it right once,” said Bennett, speaking Thursday at an AFCEA event in Arlington. “Emails are the number one [threat vector] delivery mechanism globally.”
The Defense Department has long been a major target for hackers and spammers alike. In 2015, only one in seven emails sent to its 3.2 million total users was legitimate, the rest contained malware, viruses or were classified as spam. While email is the most common threat vector faced by the Pentagon, would-be attackers are evolving to attack the department in other ways, according to Lt. Gen. Alan Lynn, the outgoing DISA director and Joint Forces Headquarters-Department of Defense Information Network commander. Lynn retires Feb. 2 and Rear Adm. Nancy Norton has been nominated to replace him.
Speaking Thursday, Lynn said the Pentagon has faced distributed denial-of-service attacks up to 600 gigabytes per second. A DDoS is a cyberattack in which hackers attempt to disrupt or shut down a network or machine by flooding it with requests. Hackers often use hijacked computers or internet-connected devices, and in some cases are making use of cloud computing to boost the strength of their attacks.
The Defense Department’s computing infrastructure connects to the web through 10 internet access points around the globe. Those points—between the Defense Department’s unclassified and classified networks and the public internet—are attractive targets to hackers.
Three years ago, Lynn said it was “a big deal” when the Pentagon was targeted by a “one- or two” gigabytes per second attack.
“Now we get 600 gigabytes per second attacks on internet access points, and unique and different ways of attacking us we hadn’t thought of before,” Lynn said. “Some are classified.”
Hackers are augmenting their attacks, sometimes surreptitiously exploiting computers or web-connected devices, as was the case in the Dyn hack that shut down many popular websites in 2016.
Lynn said the Pentagon is preparing for a one terabyte per second DDoS attack, an attack so large it would have been impossible to fathom only a few years ago.
“We call it the terabyte of death looming outside the door,” Lynn said. “We’re prepared for it. It’s just a matter of time before it hits us.”