Three years after coming into existence, the cyber defense arm of U.S. Cyber Command says it will reach phase one of an order aimed at shoring up vulnerabilities across the Defense Department this spring.
The departmentwide cybersecurity order, known as Operation Gladiator Shield (OGS 17), marks a major milestone for the Joint Force Headquarters-Defense Department Information Networks (JFHQ-DoDIN), which will reach full operational capability (FOC) this month.
While most of the orders from JFHQ-DoDIN are classified, since they identify specific vulnerabilities, Operation Gladiator Shield called on the services and agencies to scour their infrastructure for gaps in cyber defense.
“It involves understanding your terrain, understanding your networks and understanding how you’re defending those networks — is there any gap in defending, any terrain that’s not covered, that’s not protected,” Rear Adm. Kathleen Creighton, the deputy commander of JFHQ-DoDIN, told Federal News Radio Thursday at an AFCEA-DC luncheon in Arlington, Virginia. “Then the goal is to roll all of that up for the entire DoDIN to understand the overall risk.”
Since January 2015, when DoD created JFHQ-DoDIN to take over operations and defensive work from U.S. Cyber Command, the organization has been involved in several named cyber operations, but hasn’t yet emerged as a fully mature organization. Creighton said she expects JFHQ-DoDIN to reach full operational capability by the end of January. They are waiting on final approval by U.S. Cyber Command.
Creighton said JFHQ-DoDIN will gain an “initial understanding” of the threats across DoD’s systems sometime this spring, once Operation Gladiator Shield reaches phase one, about six months after it rolled out last October.
“We’re going to, across DoD, better understand our vulnerabilities, where we’re taking risk and ensuring that commanders, one, understand that, and make a decision: Is that where they want to place the risk, and do they want to remediate, do they want to invest to close that risk area? Or do they not want to use that equipment, say, ‘This is a risk,’ and they say, ‘Well we can’t afford, so we can shut it off. Or we can put it behind other protections.’ Maybe that’s how we integrate the risk,” she said.
JFHQ-DoDIN expects to reach phase one of Operation Gladiator Shield just as DISA implements a new risk management framework in March. All of DoD must move to the framework from the DoD Information Assurance Certification and Accreditation Process (DIACAP) by March.
“We’re looking at what are those controls, those safeguards that we have in place, knowing that systems are always at risk,” Roger Greenwell, a risk management executive and DISA authorizing official, told Federal News Radio.
Creighton said the impetus behind Operation Gladiator Shield wasn’t based on any particular cyber risk, but rather a milestone in JFHQ-DoDIN’s development as a cybersecurity organization apart from CYBERCOM.
“I think it was part of the maturation process of JFHQ-DoDIN as a C2 [command and control] headquarters, that if you want to command and control something, you first have to understand your battle space, your area of operations. On the operational side, in the other domains — land, air, sea, space — they define an area of operations,” she said. “What is the same thing for us? What is our area of operations that we’re C2ing? And we realized, we can’t do that if we don’t understand the terrain.”
Based on its analysis of the threats identified by the military services and DoD, Creighton said Operation Gladiator Shield could influence decisions on where to put forces or potentially where to invest in areas that need increased protection.
“We want to have more predictive intelligence, and help our maneuver forces, our cyber protection teams and others who are out there on the network and better inform them,” she said.
Looking ahead to the rest of 2018, Creighton said that JFHQ-DoDIN will seek to broaden its partnerships with industry, academia and the wider cybersecurity community, and pursue further opportunities for threat sharing.