On Monday, ISIS supporters claiming to be a “Cyber Caliphate”
hacked US Central Command’s (CENTCOM) Twitter and YouTube accounts. As soon as it happened, media outlets went
crazy with headlines like “CENTCOM Hacked” and various other wordings that
portrayed the same image. The problem
with this is that CENTCOM, as in the DOD organization, did not get hacked. The attackers never got into an actual DOD system;
they attacked the CENTCOM accounts on YouTube and Twitter. This differentiation needs to be made. The terrorists want us to be scared, they
want us to retreat and live in fear of everything. By leading with these headlines, the
mainstream media is doing a disservice to the American people; they are
essentially saying that now nothing is safe, not even DOD networks.
These ISIS supporters also published documents that
contained phone numbers and names of personnel at the command, yet these
documents were made out to seem like they contained nuclear launch codes or
something; these documents were unclassified but marked as For Official Use
Only (FOUO). All personal data is
protected under what is known as Personally Identifiable Information (PII) and is
supposed to be treated as sensitive. In
theory that’s a good idea, but in reality it does not work like that. Having been in a leadership position in the
military, and even working within the Cyberwarfare realm, I know how hard it is
to keep information from falling into the wrong hands, but there is certain
information that you “protect” more than others. The recall bill (or recall roster, depending
on which branch you’re talking about) is one of those documents that floats
around freely. I remember always having
a copy of the list for every individual in my division on my personal computer
and my phone, so if something came up and I wasn’t at work I could make contact
with my people and let them know what was going on. Why do I bring this up? The point is that the document with names and
phone numbers is floating around in various people’s personal emails and
probably even freely accessible with a few simple Google searches. Just because this document happens to belong
to CENTCOM does not mean that all of a sudden the DOD and the Global
Information Grid (GIG) is under attack anymore than it already is on a daily
basis.
Unlike private companies, the DOD has multiple safeguards in
place to help protect their information systems, and those safeguards have
increased substantially in recent years to keep up with the changing cyber
landscape. I won’t delve into the
safeguards because the majority of them are classified, but I assure you they
are in place. This does not mean,
however, that it would be impossible to penetrate the systems, it just makes it
harder.
In the end, we all need to be reminded that everyone and
every organization is vulnerable to a cyber attack, and in my opinion, that
will the next big attack that occurs. It
could occur within the electric grid, the financial system, or any other
infrastructure system that we use daily and do not even think about. That does not mean that we must live in fear
day in and day out. The mainstream media needs to take responsibility for that
by ensuring they are not using fear mongering headlines just to get clicks on
their stories and increase their ratings.
