Services still adapting to the job of weaponizing the network
- By Mark Pomerleau
- May 11, 2016
The Defense Department is steadily integrating new cyber operations – both defensive and offensive – under the umbrella of the U.S. Cyber Command, but not without some growing pains.
One such example involves the confusion surrounding traditional warfare operations and network operations. “We’re getting a little bit confused on infrastructure versus buying a network weapon for the [cyber protection teams] to use. And we have to make sure we understand when we’re weaponizing the network to do [defensive cyber operations] or [offensive cyber operations] versus maintaining the” network, Gary Wang, deputy CIO of the Army, said at an AFCEA-hosted breakfast May 11. “I mean, it’s the only place where you’re going to run your business [operations] and you’re also going to fight a cyber war on the same infrastructure simultaneously.”
“The basis of network operations came from the IT world but how we fight cyber warfare now is coming from the operations side of the house,” Wang told Defense Systems following his participation in a panel discussion. “Where there’s some confusion is when we say IT infrastructure for keeping the lights on and network running versus … how we can weaponize the network to support defensive cyber operations or offensive cyber operations.”
Aside from general growing pains, Wang said, “the other thing is, what are the operational scenarios that are going to be exercised?” Additionally, working through some dual-use tools will be challenging. “There are many tools and many things used on the traditional network operations side that have dual-use purpose in terms of being used… I used the example of a hammer; you can use a hammer to build a house but you can also use a hammer to go kill somebody, but it’s the same hammer,” he said. “So that’s what we’re talking about here – we’re using some of the same network operations tools to go build a house or build a network and that same tool can be used to conduct offensive and defensive operations.”
The Air Force found it helpful to conduct war games as a means of working out new procedures. “We actually war-gammed our computer network defense activity,” Bill Marion, deputy CIO for the Air Force, said during the same event, describing it as “game changing” for the service. “We actually war gammed, exercised two times with [the Defense Information Systems Agency], we war-gammed with 24th Air Force, which is our cyber component…[we] actually went through those threads and actually worked through them and then documented those processes because they just simply don’t exist. When a classified incident happens how do you work through the flow of a mission order, [with] our 24th Air Force, the commercial provider? So that was one of our biggest stumbling blocks.”
DISA has begun to play a larger role in global cyber operations as the “operational arm” of Cyber Command with the Joint Force Headquarters-DOD Information Networks, which is responsible for global DOD Information Network defense.
Wang added that tactics, techniques and procedures must be re-worked to address the confusion he referred to in conjunction with “watching what has happened in the intelligence world [which has] come out from behind the green door and to a much more open kind of public space.”
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.