While the US Army Sharpens Its Cyber Defenses, the Navy Faces the 'Real' Deal Right Now
U.S. Fleet Cyber Command conducts 'real world operations because they're there, and we don't have a choice' while the Army's Cyber Command is cautiously getting on its feet.
Army leaders deployed in foreign territory have a lot of data at their fingertips to help avoid surprise attacks, such as digital maps of minefield locations.
But the man in charge of shielding those information flows has questions about the tools and training that will be needed as cyber threats mutate.
Right now, trial and error is providing the answers.
"We've already run two small experiments at the combat training centers, and it's been quite an eye-opening experience," said Lt. Gen. Edward Cardon, commander of U.S. Army Cyber Command. He spoke on a panel at the Billington Cybersecurity Summit, held in Washington.
"You rapidly see the convergence of electronic warfare and information operations also in this space," he said.
Today, there are "tremendous tactical SIGINT capabilities" available to commanders, Cardon said. The challenge is organizing the capabilities. "How is all this integrated together? How do you put the teams together?...How do you leverage the intelligence?"
For the Navy, often, there is no time for hacker simulations.
"In a lot of cases, we're doing real world operations because they're there, and we don't have a choice," Vice Adm. Jan Tighe, commander of U.S. Fleet Cyber Command, told Nextgov in a brief interview after she spoke at the conference.
That said, the Navy is developing various exercises too.
For example, cyber mission forces teams and other maritime commanders plan how they might fight off an attack directed at a specific numbered fleet commander, she said.
The branch encountered a teachable moment a few years ago, when, as the Wall Street Journal reported in 2013, Iran allegedly pierced the Navy Marine Corps Intranet.
Back then, Adm. Mike Rogers, now the head of the entire U.S. Cyber Command, had Tighe's job.
For the next five years, Navy cyber operations will be guided by a strategic plan to expand the branch’s cyberspace capabilities and shrink its information security vulnerabilities. According to the strategy, which was released in May, the service will build offensive "cyber effects" through, among other things, "warfighting exercises."
Cyber training across the Navy is particularly important for an organization split across lands and oceans worldwide. Tighe's jurisdiction is global, whereas the other fleet military operations centers are predominantly regionally-focused, she said. "We've got to train our own [cyber] forces on how to fight," she said. "We've got to train the rest of the Navy how to work with us."
The Army’s cyber corps also is tussling with a distributed theater. Local commanders conducting physical military operations need offensive capabilities to help attack the adversaries, Cardon said. Simultaneously, the network required to bring "the incredible capabilities of the U.S. military to the soldier on the ground" must be guarded against adversaries, he said. The Army expects to hold four more experiments in the coming year.
Insider threats have plagued military networks in recent years. There were, among other incidents, a Navy techie who went on a hacking spree at sea and a former Chinese military member who downloaded Army files while working as a Pentagon contractor.
According to the Justice Department, Nicholas Paul Knight was serving as a systems administrator in the nuclear reactor department aboard the U.S.S. Harry S. Truman when, in 2012 and 2013, he co-led a gang of hackers that breached the Navy’s Smart Web Move database. The registry held Social Security numbers, names, and dates of birth for approximately 222,000 service members.
In 2013, Wei Chen, a one-time Chinese anti-aircraft unit member, allegedly plugged an unsanctioned personal thumb drive into Army computers connected to classified and unclassified networks. After downloading unauthorized material onto the flash drive, he tried to conceal his actions by deleting network logs on the server, according to U.S. authorities. At the time, Chen was serving as a system administrator for Camp Buehring, a U.S. Army base in Kuwait.