Nearly all programs within the Army’s Defensive Cyber Operations — part of its Program Executive Office Enterprise Information Systems — deal with data in in one way, shape or form. Much of the PEO-EIS mission involves interpreting that data, as well as finding, mitigating and defeating threats.
On the tactical side of the enterprise network, Taylor’s office uses Deployable DCO System (DDS) modular, which is “the prime weapon system of the cyber protection team.”
“Whenever there’s a threat identified or believed to be some type of intrusion, those cyber protection teams, or CPTs, will take that kit and go on site and start doing their DCO mission,” he said on Federal Monthly Insights — Cybersecurity (and aggregating cyber-related data). It allows cyber teams to remote in — using software tools — rather than deploy to a location physically to conduct a DCO mission.
Sometimes that data is analyzed in more depth and fed into the Army’s Big Data Platform, called the Gabriel Nimbus. It’s a system designed to store and visualize large data sets, and it’s also a way to link the tactical side of the enterprise network up to the strategic level where it aids decision making, Taylor said.
The Big Data Platform solves a large portion of the siloed data problem which has plagued not only the Army but nearly every corner of the federal cyber workforce. But a major topic of conversation has been the point at which data is generated. Taylor said PEO-EIS will work on open data standards or standards to make data understandable for analytics over the next couple of years.
Defense Cyber Operations deals with levels of data, the lowest being the DDS modular teams. Taylor said these are housed in an “armory.” While this armory has more software than ammunition, it is similar in the sense that some deployable cyber kits are “hot” and pre-loaded with standard components to configure quickly.
The next level up are garrison defense platforms, which hold data for a longer period of time. Those can be aged off as tactics and procedures determine.
Then comes the strategic level, where decisions about what data and how much of it to keep are determined. In an ideal environment devoid of cost constraints, Taylor said all data could be kept and readily accessible at all times. But that is not the reality for the Army.
“And even at the strategic level, we do age certain data off it. Depending on the importance level and how much that data is accessed is a determination of when it gets aged off, where it gets dropped on the floor,” he said on Federal Drive with Tom Temin.“Or even if it’s not readily accessible, we will put it into a cold storage status, where it can be compressed and held for long periods of time.”
The Gabriel Nimbus team, which is based out of Fort Gordon, Georgia, work closely with the data as programmers develop basic quick scripts or quick apps. And Taylor said that might work if they need a quick answer, but for more robust analytics Gabriel Nimbus will need industry’s help.
“It sometimes takes more time for industry to generate some of those larger apps. But their technical expertise is available to assist those cyber warriors to maybe do some of those scripts in a DevSecOps-type format or timeline,” he said.