What's ahead for DOD's cyber forces

The Defense Department is putting in place the infrastructure and tools necessary to achieve its cyber protection goals and objectives. Here’s what is on the horizon.

Information Assurance Range and National Cyber Range for testing advanced capabilities. The Defense Information Systems Agency and Marine Corps have been collaborating on an Information Assurance Range and training network for testing cyber defense capabilities and training cyber operators, said Mark Orndorff, DISA’s program executive officer for mission assurance.

“That is still a bit in its infancy, but it has a huge potential, and it's already providing lots of great benefits,” Orndorff said. “It provides an environment where we can exercise the cyber forces and work out [concepts of operations] and procedures and techniques and make sure that the organization is operating effectively in a variety of different controlled scenarios. You can start doing attack scenarios to make sure that an organization is protected against those attacks. It also provides an environment for individual training, where you can get on the tools that we're providing and have individual operator training, so that an operator, before they deploy or before they get on the production network, has all the skills and has used the tools we're providing in DOD in the way that DOD wants them to operate.”

The Defense Advanced Research Projects Agency is working on a separate capability, called the National Cyber Range, that will provide advanced threats to test technology before DOD deploys it.

Cyber Command moves to full operational capability. The Cyber Command was scheduled to achieve its full operational capability certification from the Strategic Command at the beginning of October, but Stratcom commander Air Force Gen. Kevin Chilton delayed his sign-off. Although Cybercom has already begun to fulfill its role, the certification will signal that the command is up-to-speed.

The Army Cyber Command and the Air Force’s 24th Air Force have both reached full operational capabilities. The Navy’s 10th Fleet and Fleet Cyber Command was established in January and trails the other services in terms of capability, according to observers.

Navy Next Generation Enterprise Network will offer increased security. The NGEN program is critical to the Navy’s efforts to gaining full situational awareness and command and control of its networks. It will replace the Navy Marine Corps Intranet. Chief of Naval Operations Adm. Gary Roughead has made a priority of moving the Navy’s networks “toward a model that is agile, relevant, secure and cost-effective”— consolidating NMCI and other networks into a new network that the Navy owns from end to end.

Information for situational awareness about cyberattacks, viruses, malware and other issues is still compartmentalized across multiple systems, Orndorff said. For this reason, consolidation and standardization of command and control and situational awareness across all of DOD’s networks will be a top action item in 2011.

Host-Based Security System follow-on expected. DISA’s Host-Based Security System contract will expire in the near future. The system is the foundation of DOD’s situational awareness at the system level, and DISA officials will seek to extend the capabilities that it provides in the next iteration of the contract. Orndorff declined to discuss the acquisition strategy that DISA is developing for its next phase.