The Pentagon is having security problems with its internal Internet networks. The Department of Defense has two private Internets (using Internet technology, but not connected to the public Internet). NIPRNET is unclassified, but not accessible to the public Internet. SIPRNET is classified, and all traffic is encrypted. You can send top secret stuff via SIPRNET. Recently, however, two computers connected to SIPRNET were found to have computer viruses. The Pentagon doesnt yet know how they got infected, and because the computers only used SIPRNET, they did not have any anti-virus software installed. The most likely cause of infection was someone bringing a floppy or CD, containing the virus, to work and, well, you know the rest. Before the Internet came along, this was a common method for viruses and other malware to get around (slowly, but the stuff did travel that way.) NIPRNET is also vulnerable, and the Department of Defense is installing new hardware (special routers, for example) and software to increase security.
The military is a big user of the public Internet, and they have discovered 62 percent of the intrusions (hacks and viruses) are the result of poor configuration (not keeping the hardware and software set up correctly to defeat known vulnerabilities). Another 24 percent of the intrusions came from not installing patches and security update in time. The rest of the intrusions come from more mundane problems, like using an easily cracked password, or no password at all. Network security has always been a people problem, and these recent incidents are a sharp reminder of that. People trying to get into military networks (mainly via the public Internet) are increasing. There were 40,076 known attempts in 2001, 43,086 in 2002, 54,488 in 2003 and 24,745 in the first half of 2004.