William J. Lynn III, U.S. Deputy Secretary of Defense, has confirmed a previously classified computer attack in which a foreign intelligence agent used a flash drive to infect computers, including those used by the Central Command in overseeing combat zones in Iraq and Afghanistan. Writing in the latest issue of the journal Foreign Affairs, Lynn describes the 2008 incident as "the most significant breach of U.S. military computers ever."
According to Lynn, "The flash drive's malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the U.S. Central Command. That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control. It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary."
According to the New York Times, Lynn's "article appeared intended partly to raise awareness of the threat to United States cybersecurity — “the frequency and sophistication of intrusions into U.S. military networks have increased exponentially,” he wrote — and partly to make the case for a larger Pentagon role in cyberdefense.... Various efforts at cyberdefense by the military have been drawn under a single organization, the U.S. Cyber Command, which began operations in late May at Fort Meade, Maryland, under a four-star general, Keith B. Alexander.... But under proposed legislation, the Department of Homeland Security would take the leading role in the defense of civilian systems."