The Defense Information Systems Agency’s cyber defense headquarters has been involved in seven named operations since it started its duties in January.
“It just stood up on the 15th of January so you would think we are just building it as we are flying it and it would be kind of a slow process,” DISA Director Lt. Gen. Alan Lynn said about the agency’s Joint Force Headquarters-Defense Department Information Networks (JFHQ-DoDIN) during a Sept. 23 speech at Defense Systems Face to Face DoD event. “We are absolutely in the fight now…[JFHQ-DoDIN] has been extremely successful.”
Lynn said all seven operations were cyber events in varying degrees, but could not go into much detail due to their classification. Some of the operations were deployed operations, but others were not due to the nature of them being in cyberspace.
Operations with names are especially important because the moniker means DoD is acknowledging there is an actual reaction to a threat and the department is taking the threat seriously.
JFHQ-DoDIN was created to take over operations and defensive work from U.S. Cyber Command. The headquarters is still in initial operating (IOC) so it is only assuming 14 to 19 tasks from CYBERCOM.
“The end result is to provide unity of command and unity of effort across the entire DoD network. What does that mean? First and foremost, we have an identified, agreed upon and approved command and control framework with 39-plus — because it seems every time we turn around we find a different organization that needs to be a part of this framework — 39 organizations that we will be building this capacity and capability from a command and control standpoint,” Deputy Commander of JFHQ-DoDIN Brig. Gen. Robert Skinner said in April.
The headquarters will reach full operating capability sometime in 2016, Skinner said.
It is not particularly surprising that JFHQ-DoDIN has performed almost one named operation per month since reaching IOC considering the cyber environment.
The government is constantly barraged by cyberattacks, especially from Russia and China. Most notably this summer China hacked the Office of Personnel Management and compromised 22 million federal workers’ personal data. One of DoD’s email systems was also recently breached.
DoD Principal Deputy Chief Information Officer David DeVries said government and industry are going through a cataclysmic change when it comes to cybersecurity, during his speech at the same event.
“The Sony [cyberattack], changed things, the Target event changed things, how many more events do we need to help change things? … This is about us facing common things here. The banking industry was very secure in running their own networks and connecting their brick buildings together by their own network. Now they are getting into ‘Oh that’s not as secure as I thought it was, I need to go into more of the IP base and I need to get the security side of the house in there,” DeVries said. “The internet was never designed to be secure.”
DoD has invested in the Joint Regional Security Stacks (JRSS) as one barrier against cyberattacks. JRSS is a suite of equipment that can detect intrusions, act as a firewall, manage enterprise systems and perform routing and forwarding functions.
JRSS reduces points where hackers can access the system and has built in sensors that detect attacks. Lynn said DoD can see attacks in real-time and is now putting together a way to collect data analytics on the attacks.
DoD will have a total of 25 JRSS hubs, 11 within the United States. Four of those hubs in the United States will be operational in December. DISA is now working with the services to migrate their systems to JRSS, Lynn said.
“The military departments are a little uncomfortable with it because we’re sharing a router stack in there and DISA is a little uncomfortable with it because we’re sharing that router stack with the military departments. So we think we’ve got it about right, everybody is a little uncomfortable. Really, because it’s the first time we’ve been truly, truly joint like this,” Lynn said.
Lynn added that a great opportunity for industry is in the Joint Migration Teams for JRSS. Every base post station needs to migrate to the JRSS, Lynn said, and each station has a lot of entities on it.
“To do that you’ve got to bring them over one at a time and you’ve got to really build that capability into the JRSS, so we’ve got Joint Migration Team on the DISA side of it and the Service Migration Team. I think there’s going to be growth in that area,” Lynn said. “There’s a need for more teams because we want to move faster.”