The most significant computer systems’ breach in U.S. military history dates back to 2008, when malicious code contained in a flash drive infected a laptop of a military official posted in the Middle East, and spread further to the network of the U.S. Central Command. The code in question was put on the drive by operatives of a foreign intelligence agency, most likely Russian.
This information would have likely remain hidden to the greater public, were it not for Deputy Defense Secretary William J. Lynn III. According to The Washington Post and various experts, he declassified this incident and shared it in a bid to “raise congressional and public concern over the threats facing U.S. computer systems.”
He also reiterated the often repeated claims that Pentagon’s networks are constantly being probed by foreign powers and that cyberspace requires a completely different approach to defense and deterrence, since it’s extremely difficult to know for sure from where the attack really originates.
But, the Department of Defense is not sitting idly. The aforementioned incident made it ban the use of flash drives, and that was just the first instinctive action. Since then, an “active defense” strategy has been their goal, and among other things, it focused on detecting counterfeit hardware bought by government agencies, departments and institutions – hardware that could offer attackers a way into the system.