US Defense Dept. Expands Cyber-Security Role

November 3, 2010 Off By Hoofer
Grazed from Internet Evolution.  Author: Sean Gallagher.

When the US Department of Defense started the ball rolling to create US Cyber Command, its network and information systems security and intelligence organization, there were a lot of people who were uncertain what such a command would do — in fact, the whole idea of "cyber-warfare" was still sort of nebulous. There were concerns from within the government, in Congress, and from observers outside that Cyber Command would expand DOD’s activities out into the civilian domain.

Well, now it’s happened, albeit quietly, and it seems many of those who worried have stopped worrying and learned to love Cyber Command, which is now helmed by the head of the National Security Agency and falls under Strategic Command.

DOD had already extended the reach of its security operations beyond the ".mil" domain to the networks of companies in what is called the Defense Industrial Base (DIB). Now, in a shift of policy, DOD is now looking to assist other government agencies in the defense of their information systems, and to partner with the Department of Homeland Security to offer assistance in handling all things related to cyber security.

Robert Butler, Deputy Assistant Secretary of Defense for Cyber Policy told reporters of the shift in stance on October 20. He said that the agreement with DHS "sets up an opportunity for DHS to take advantage of the expertise" of DOD’s various network defense and intelligence assets, including those of the National Security Agency. He added that DHS and DOD "will help each other in more tangible ways than they have in the past."

DHS will have a team embedded at Fort Meade, Md., where NSA and Cyber Command are located. The arrangement provides "an opportunity to look at new ways that we can do national cyber incident response," Butler told Defense News.

That sounds a lot like the DOD entering the domestic realm. And it’s no surprise, as DOD officials have been talking about the importance of defending the nation’s information infrastructure as a whole since the Aurora attacks nearly a year ago. The Stuxnet worm added more ammunition to DOD’s arsenal of arguments for a role in domestic cyber-security.

Some of DOD’s interest in helping police the Internet is selfish. DOD has changed its approach to cyber-security from a static defensive approach to a "mission assurance" philosophy. Since DOD relies on communications with other government departments, allies and coalition partners, and non-governmental organizations to carry out its mission, DOD needs to make sure that it can keep Internet lines of communication open to do so.

An example given in a recent conversation I had with Mark Orndorff, program manager for mission assurance at the Defense Information Systems Agency, is the need to ensure DOD’s Transportation Command can communicate with commercial shippers and air carriers in support of a deployment overseas for military or humanitarian operations.

For now, it would seem that most of what DOD and NSA can provide civilian agencies with is help with "situational awareness" — intelligence on what the emerging threats on the Internet are, where they’re coming from, and where defenses need to be reinforced.

Ironically, the DOD doesn’t even really have full situational awareness over its own networks yet. While DISA and the military’s network operations organizations are just now getting a critical mass of sensors and software in place to monitor systems, that information is still silo’d and not easily collected into a single picture of the DOD’s "Global Information Grid.”

Situational awareness of what’s going on in the wider Internet is even harder to do. NSA and other government agencies, as well as security software vendors like McAfee Inc. (NYSE: MFE), Symantec Corp. (Nasdaq: SYMC), and Panda Security have various tools for monitoring threats across the Internet, but they hardly provide a full picture of what’s going on in terms of emerging threats.

With the sort of state-sponsored and "hacktivist" attacks represented by Aurora and Stuxnet now being directed at the commercial sector, the boundaries between what’s cyber-crime and what’s cyber-warfare have become blurred to the point that DOD and civilian authorities really do need to coordinate their activities.