[ISN] DOD's 'Manhattan Project'

InfoSec News isn at c4i.org
Fri Aug 26 04:20:28 EDT 2005

Forwarded from: William Knowles <wk at c4i.org>


By Frank Tiboni
Aug. 25, 2005 

Taking a page from the past and one from the future, the Defense 
Department is devising ways to fight a new kind of threat that 
requires the strategic tricks of ancient warriors and the untested 
tools of network-centric warfare.

Unless DOD changes how it operates and learns to defend its cyber 
networks, many military experts say it will not be able to wage an 
effective battle in the cyberwar that is emerging as the 21st 
century's biggest challenge.

The Pentagon is at a crossroads, said Air Force Lt. Gen. Charles 
Croom, the new director of the Defense Information Systems Agency and 
commander of the Joint Task Force for Global Network Operations 
(JTF-GNO). "Networks are too important to the warfighter to not have 
them when the warfight begins," he said.

Croom said DOD approaches computer network defense by emphasizing 
convenience to users, but the department's future information 
assurance strategy should tilt toward adding security.

"The threat is great," Croom said. "It requires constant vigilance."

Other countries (for example, China), crime gangs and thrill-seeking 
hackers could steal information about U.S. military war plans and 
weapon systems to gain intelligence and embarrass the Pentagon. The 
threat has caused DOD to re-evaluate information assurance policies 
and acknowledge that such reviews will continue. 

In the past year, DOD implemented new policies to strengthen computer 
network defense. In 2004, DOD created JTF-GNO to operate and defend 
networks that operate under Strategic Command (Stratcom).

The department also approved a new command structure that identifies 
four military officials who will report to Croom. The National 
Security Agency published a new technical architecture guiding DOD's 
acquisition and use of information assurance technology. DOD also 
issued directives on managing ports, protocols and services, and 
requiring periodic computer security training for all department 

DOD turned to procurement to support these policies and develop new 
kinds of defenses for cyberattacks. First, the department chose Retina 
from eEye Digital Security to scan computers for vulnerabilities. 
Then, DOD selected Hercules from Citadel to patch computers. Next, the 
department built a new multimillion-dollar command center to monitor 
global network operations and picked PestPatrol, antispyware from 
Computer Associates International. DOD will soon begin testing 
PestPatrol before introducing it later in the year.

DOD identified nine new procurements to fill information assurance 
gaps and improve security analyses and responses departmentwide, said 
a DISA official who requested anonymity. 

The procurements include:

* Tier 3 Security Information Manager, a comprehensive system that 
  tracks and analyzes data produced by scanning and sensing products. 

* Insider Threat, technology that prevents spies and double agents 
  from installing malicious hardware and software. 

* Secret IP Network Security Enhancements, a system that strengthens 
  protection of the U.S. military's classified network. 

* Honeynets, fake networks that draw adversaries away from the U.S. 
  military's real networks, keep them occupied and collect intelligence 
  on their attack methods. 

The DISA official said the Computer Network Defense Enterprise
Solutions Steering Group oversees those new procurements. It is led by
Stratcom and the Office of the Assistant Secretary of Defense for
Networks and Information Integration and Chief Information Officer.  
That office develops DOD information technology policy and administers
the department's $2 billion annual budget for information assurance
products and services.

Bob Lentz, director of information assurance in the DOD CIO's office, 
said he agrees with Croom that the department is at a crossroads as it 
tries to operate and defend a complex of networks known as the Global 
Information Grid (GIG).

"This is the equivalent of the Manhattan Project," Lentz said. "I will 
say we are at that level of seriousness of securing this massive 

Every four hours, he said, the equivalent of the entire Library of 
Congress' archives travels on DOD networks. To wage network-centric 
warfare, he said, the department's 4 million users must trust the 
confidentiality of the information that crosses GIG and be assured of 
its availability. 

Adversaries, however, recognize the U.S. military's dependence on
networks and electronic information and the importance of sharing data
- all of which are main principles of the evolving net-centric warfare
strategy. Enemies view that dependency as an opportunity to challenge
the most powerful fighting force in the world on an even battlefield,
military experts say.

Industry officials worry that all the steps the military will take 
might not be enough. They argue that net-centric warfare opens the 
services to hidden dangers.

"We tend to assume we will have a technological edge over our 
adversaries," said Loren Thompson, chief operating officer at the 
Lexington Institute, a public-policy think tank. "That quite possibly 
may not happen because digital networking technology is readily 
available in global markets."

Alan Paller, director of research at the SANS Institute, a nonprofit 
organization that monitors computer security, warned that U.S. 
warfighters are becoming dependent on IT rather than using it as an 

"The risk of losing the engagement because the systems were hacked 
grows explosively," Paller said. President Bush has pledged to defend 
Taiwan if China attacks. And DOD has said the new local warfighting 
strategy of China's People's Liberation Army is to use computer 
network operations to seize the initiative and gain electromagnetic 
dominance early. 

Jack Keane, the retired Army vice chief of staff who is now a military 
consultant and advises URS Corp., a federal contractor, said the new 
warfighting strategies of the United States and China play off each 
other. He said they could collide if China attacks Taiwan to unify it 
with the mainland. 

Paul Wolfowitz, former deputy secretary of Defense, did not name China 
as one of the adversaries exploiting vulnerabilities in DOD networks 
in a memo to agency officials and military leaders last year. But 
"failure to secure our networks will weaken our warfighting ability 
and potentially put lives at risk," he said.


A network defense strategy: Honeynets 

Army Col. Carl Hunt, director of technology and analysis at the Joint
Task Force for Global Network Operations, has recommended that the
Defense Department fundamentally change how it protects its networks
by building fake networks, or honeynets.

Honeynets would draw adversaries away from real U.S. military networks
and gather intelligence on enemies' attack methods.

"These systems will collect information on methodologies, techniques
and tools while providing a realistic playground for the intruder,"  
Hunt said. By adopting a new set of maneuvers, DOD can lead persistent
adversaries "to the terrain of our choosing."

Honeynets, however, will not solve all of DOD's computer network
defense problems, Hunt said, adding that the department must also
better understand its networks and the technologies available to
protect them.

Hunt's comments appeared in "Net Force Maneuver: A NetOps Construct,"  
a paper he co-wrote for the Institute of Electrical and Electronics
Engineers Computer Society's Systems, Man and Cybernetics workshop.

The workshop was held in June at the U.S. Military Academy at West
Point, N.Y.

- Frank Tiboni


From horseback, soldiers call for bombs

John Luddy, an adjunct fellow at the Lexington Institute, a
public-policy think tank, said no better illustration of
network-centric warfare's potential exists than the image of an Army
Special Forces soldier on horseback in Afghanistan sending location
data via satellite from his notebook computer to an Air Force B-52
bomber crew. In less than 20 minutes, the crew could drop
precision-guided bombs on Taliban troops.

Luddy describes network-centric warfare as "getting the right
information faster to the right forces so they can take the right
action faster against the right objective." Afghanistan and Iraq show
that the new warfighting strategy works, he said.

In "The Challenge and Promise of Network-Centric Warfare," a report
published by the institute in February, Luddy writes that "albeit it
against markedly inferior military forces, American forces were able
to integrate information and communications systems and procedures to
accomplish more with less, and faster, than would have been possible
even a decade ago."

- Frank Tiboni

"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
