Sharing data is crucial to cyberdefense
By Patience Wait, Aug 16, 2006
Each agency within the Defense Department has frontline responsibility for securing its own IT systems, but the job doesn't end there.
The same malware or social engineering techniques used to dig into an Army network, for instance, could show up later in an attempt against an Air Force system or a network-centric communications link between combat troops on the ground and at sea. Without the ability to share information and coordinate responses, the services' capacity to respond to incidents is severely hampered.
Some DOD resources, such as the Global Information Grid, stretch across all Defense agencies, requiring a departmentwide response mechanism.
The Joint Task Force for Global Network Operations is the specific directorate within the Strategic Command that protects the GIG. But the directorate and the individual services also receive assistance from the Homeland Security Department, the FBI and other federal agencies.
'We have a very rich relationship with the [DHS] Computer Emergency Response Team,' said Rear Adm. Elizabeth Hight, principal director for operations at the Defense Information Services Agency and deputy director of JTF-GNO. 'We participate and communicate and collaborate with them every day. ... I find that their willingness to work with us on [what] they're seeing beyond the DOD's borders has been a wonderful interagency exchange. We have made a habit of sharing information.'
Hight said that U.S. CERT shares information on topics such as new viruses, other malicious software and techniques being used by botnet masters.
'It is what they're seeing on the Internet, and how it may or may not try to interact with this specialized set of users within the United States,' she said.
Army Maj. Gen. Dennis Moran, vice director for command, control, communications and computer systems for the Joint Chiefs of Staff, pointed out that both DHS and the National Security Council work with DOD, particularly through Pentagon CIO John Grimes, to discuss cybersecurity.
'On a policy issue, that's when we typically get more engaged with the Homeland Security directorate,' Moran said. On intrusion investigations, DOD's interface would be through the Joint Forces Command-Global Network Operations and the FBI, he said.
'We typically handle [investigations] with law enforcement in the lead, so anything that occurs within our network typically has a policeman leading the investigation,' Moran said.
There are two good reasons to work with law enforcement as the primary investigative arm, he added: to make sure a strong legal case can be developed for prosecution, and to keep any 'command influence' out of an investigation that might involve military personnel.
STRATCOM is the lead agency in defending the military's networks, Moran said.
'We've got a combatant commander, [Gen. James Cartwright], and he has many important missions ... but one of his most important is operating and defending the GIG,' Moran said.
Air Force Lt. Gen. Robert Kehler, deputy commander of STRATCOM, pointed out that while the command takes the lead in defending the military's infostructure, the responsibility is much more dispersed.
'The Marine Corps has a saying that every Marine is a rifleman first. Everybody in the DOD will have a responsibility for defending the network,' he said.