U.S. Military Lowered Its Computer Security Level the Night Before 9/11
Check out this curious incident relating to the 9/11 attacks. According to a new entry in the Complete 9/11 Timeline, at around 9 p.m. on the evening before 9/11--less than 12 hours before the attacks began--the U.S. military lowered its "Infocon" threat level to the lowest possible level, supposedly because of "reduced fears of attacks on computer networks."
The Infocon system is intended as "a structured, coordinated approach to defend against and react to attacks on Defense Department systems and networks." General Ralph Eberhart, the commander of NORAD, was responsible for issuing Infocons to the US military, and so he was presumably responsible for lowering the Infocon level on September 10. (See my previous blog entry for details of Eberhart's suspicious actions on the day of 9/11 itself.)
The Infocon level was raised again after the second plane hit the World Trade Center on 9/11.
Yet another strange "coincidence."
September 10, 2001: Military 'Infocon' Alert Level Reduced because of Perceived Lower Threat of Computer Attacks
The US military reduces the Information Operations Condition (Infocon) to Normal--the lowest possible threat level--less than 12 hours before the 9/11 attacks commence, reportedly due to reduced fears of attacks on computer networks.
Level Reduced Due to 'Decreased Threat' - The Infocon level is lowered to Normal, meaning there is no special threat, at 9:09 p.m. this evening. The reason for this, according to historical records for the 1st Fighter Wing at Langley Air Force Base, Virginia, is "a decreased threat from hacker and virus attacks on the computer networks across the US." [Colorado Springs Gazette, 5/3/2001; 1st Fighter Wing History Office, 12/2001] Since October 1999, the commander of the US Space Command has been in charge of Defense Department computer network defense, and has had the authority to declare Infocon levels. [IAnewsletter, 12/2000] General Ralph Eberhart, the current commander of both the US Space Command and NORAD, is thus responsible for evaluating the threat to US military computers and issuing information conditions--"Infocons"--to the US military. He is presumably therefore responsible for lowering the Infocon level this evening.
Higher Infocon Level Requires More Precautions - It is unclear what difference the reduced Infocon level makes. But an e-mail sent earlier in the year from Peterson Air Force Base in Colorado, where NORAD and the US Space Command are headquartered, revealed the steps to be taken when the Infocon level is raised one level from Normal, to Alpha. These steps include "changing passwords, updating keys used to create classified communication lines, minimizing cell phone use, backing up important documents on hard drive, updating virus protection on home computers, reporting suspicious activity, and reviewing checklists." [Colorado Springs Gazette, 5/3/2001]
Level Increased Earlier in Year - It is also unclear what the Infocon level was prior to being reduced this evening and why it had been at that raised level. Pentagon networks were raised to Infocon Alpha for the first time at the end of April this year, as a precaution against attacks on US systems, after Chinese hackers warned of such attacks in Internet chat room postings. [United Press International, 4/30/2001; Colorado Springs Gazette, 5/3/2001; United Press International, 7/24/2001] The Infocon level was raised to Alpha a second time in late July, due to the threat posed by the Code Red computer virus. [United Press International, 7/24/2001; US Department of Defense, 7/24/2001] It will be raised again, from Normal to Alpha, during the morning of September 11, immediately after the second attack on the World Trade Center takes place (see 9:04 a.m. September 11, 2001). [1st Fighter Wing History Office, 12/2001]
System Intended to Protect Defense Department Computers - The Joint Chiefs of Staff established the Infocon system in March 1999 in response to the growing and sophisticated threat to Defense Department information networks. The system is intended as a structured, coordinated approach to defend against and react to attacks on Defense Department systems and networks. Reportedly, it "provides a structured, operational approach to uniformly heighten or reduce defensive posture, defend against unauthorized activity, and mitigate sustained damage to the defense information infrastructure." It is analogous to other Defense Department alert systems, such as Defense Condition (Defcon) and Threat Condition (Threatcon). The Infocon system comprises five levels of threat, each with its own procedures for protecting systems and networks. These levels go from Normal, through Alpha, Bravo, and Charlie, up to Delta, which, according to Rear Admiral Craig Quigley, the deputy assistant secretary of defense for public affairs, is when "You're currently under an absolutely massive hack attack, from a variety of means, from a variety of sources. You're talking a very concerted, focused attack effort to get into [Defense Department] systems." [IAnewsletter, 12/2000; General Accounting Office, 3/29/2001; US Department of Defense, 7/24/2001]