DOD set to fight hackers both foreign and domestic

DOD set to fight hackers both foreign and domestic

Task force monitors network to give department another layer of protection against cyberterrorism

By William Jackson

GCN Staff

When the Defense Department's Joint Task Force on Computer Network Defense opened for business last December, it found plenty to do.

'We have been at cyberwar for the last half-year,'' deputy Defense secretary John Hamre said. 'At least we had a place to work on it.''

Hamre spoke at ceremonies this month to mark the task force's coming to full strength in June. Since then, an interservice staff'supported by the DOD Computer Emergency Response Team, an intelligence cell and law enforcement liaisons'has been monitoring the Defense Information Infrastructure around the clock. The task force works out of the Global Network Operations and Security Center at Defense Information Systems Agency headquarters in Arlington, Va.

So far, none of the cyberthreats has proved serious. But Hamre said DOD's primary mission is to prepare for the next battle, 'buying the infrastructure in advance that we know we are going to need at some time.''

Hamre has testified to Congress about the threat of what he called an electronic Pearl Harbor'an attack on the nation's information infrastructure. He said he was referring not to a devastating surprise attack but rather to military preparedness.

'It wasn't that we got hit, but that we were ready to respond,'' Hamre said.

The Global Network Operations and Security Center at DISA headquarters is the task force's nerve center.

Warning signs

Until recently, DOD has not been ready to respond to a full-scale electronic attack. Air Force Maj. Gen. John Campbell, DISA vice director and task force commander, said the network defense unit grew out of the Eligible Receiver 97 exercise in 1997, in which National Security Agency teams waltzed into DOD systems using off-the-Internet hacking tools.

No one was then in charge of defending DOD networks, and it showed, Campbell said. Awareness was reinforced by the monthlong Solar Sunrise assault on DOD systems by a pair of teen-agers last year.

Today, 'we are really serious about protecting our networks and our systems,'' Campbell said.

Although the task force is physically at DISA headquarters, organizationally it is part of the Space Command, reporting to the commander-in-chief at Peterson Air Force Base, Colo. The task force uses DISA's global network management capability to monitor and analyze problems on DOD systems and coordinate responses.

'We don't fix the computers; we look at the operational side,'' said Army Col. Larry Frank, chief of operations. 'The other thing we bring to the table is command authority.'' DISA has no authority over any of the services.

The task force this spring encountered the Melissa computer virus, which spread rapidly by e-mail and threatened to swamp some DOD systems. The virus struck on a Friday, giving a two-day weekend buffer. The Defense CERT responded with a patch to block the virus within 12 hours.

DISA's director, Lt. Gen. David J. Kelley, left, Defense CIO Arthur Money, DOD's John Hamre and DISA's Maj. Gen. John W. Campbell were on hand for the ceremony.

'We were lucky it wasn't very damaging,'' Frank said.

The task force was aware of hacks against DOD Web sites during the air war in Kosovo, but they were not operationally significant, Frank said, because DOD does not rely on the Web to carry out its missions.

'We don't get real worried about Web page hacks,'' he said. 'That's an appearance issue.''

The task force has a judge advocate on staff liaison officers from DOD criminal investigative agencies.

It also maintains a working relationship with the FBI and other law enforcement agencies. Most attacks come from the outside, Frank said, and dealing with them is a law enforcement issue.

An attack from beyond U.S. borders might become an intelligence issue.

National jurisdictions are blurred in cyberspace, Frank said.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.