Dynamic Network Defense
It’s not only military IT staffs that realize one of the biggest threats to U.S. national defense has no face. Top brass also recognize the challenge of securing cyber.
“The default today for many folks is to stay where they are and believe that no one’s in the network and everything’s OK,” says Gen. Keith B. Alexander, commander of U.S. Cyber Command and director of the National Security Agency. “There’s a lack of awareness and understanding by most operators out there.
“We have to change this paradigm because the bad guys can not only steal everything, but they can bring it down. We really have to help the operators, and our nation, understand what’s going on inside that network — to address the defense of the Internet.”
To bring home the reality of the threat, Alexander pointed out the ceaseless pounding taken by Defense Department systems each day when he spoke at the recent Army LandWarNet conference in Tampa, Fla.
There are more than 7 million computers on the DOD network, and on any given day, that network is probed 250,000 times an hour — 6 million times a day, Alexander says. What’s more, there are 144 sovereign nations and countless rogue entities trying to bust into Defense systems.
The threat is huge and growing, he says. “From my perspective, there’s a lot that we have to do to defend this network.”
The Army’s vice chief of staff, Gen. Peter W. Chiarelli, agrees. The Army needs to put more advanced capabilities into the hands of warfighters to keep pace with the cybertools of the nation’s enemies, he says.
Reaching the Edge
“We don’t talk enough about how good the enemy is,” Chiarelli says. Because they often are not state-sponsored, some of the terrorist organizations the U.S. military must battle excel at pushing information down to the edge, he says. “The enemy we face is taking great advantage of simple, affordable technologies.”
DOD’s top chiefs understand the enormity of the problem, Alexander says. When he met in recent months with the military’s combatant commanders, all the COCOMs identified cybersecurity as one of the biggest threats facing the country. “And they’re right,” Alexander says.
Currently, if the department manages every component in its IT infrastructure perfectly — the “old school boundary devices,” routers and switches, antivirus and intrusion detection systems — DOD can only achieve an 80 percent protection level, Alexander says. That’s unacceptable, he says, and points to four changes that need to take place to make network cybersecurity more dynamic and less reactive:
- DOD must have people hunting inside networks to find and destroy malicious operators. “We must give our network and systems administrators that ability and authority.”
- The department needs to deploy interactive devices at the edge that let those “hunters,” U.S. allies, and judicial and law enforcement officers share a common operating picture of the network.
- Defense cyberwarriors need real-time capability to act on information that’s gathered by these devices.
- DOD must be able to shut down anyone or any organization that’s ready to attack U.S. infrastructure assets.
A Battlefield Connected
The network offers tremendous opportunities to link battlefield commands, Alexander acknowledges, but without doubt there are vulnerabilities in every network connection that makes these opportunities possible.
And these vulnerabilities extend beyond government-owned systems, adds Maj. Gen. Stephen Smith, director of the Cyber Directorate for the Army CIO.
“We have to get in the business of helping soldiers and citizens with their home computers,” Smith says. Cybercrime is something that the government must help with because its soldiers “will take their eyes off the ball if they have a computer crisis at home,” he says.