Cyber Attack: The Department Of Defense s Inability To Provide Cyber Indications And Warning

Similar documents
Contemporary Issues Paper EWS Submitted by K. D. Stevenson to

Independent Auditor's Report on the Attestation of the Existence, Completeness, and Rights of the Department of the Navy's Aircraft

Aviation Logistics Officers: Combining Supply and Maintenance Responsibilities. Captain WA Elliott

Intelligence, Information Operations, and Information Assurance

Infantry Companies Need Intelligence Cells. Submitted by Captain E.G. Koob

White Space and Other Emerging Issues. Conservation Conference 23 August 2004 Savannah, Georgia

Battle Captain Revisited. Contemporary Issues Paper Submitted by Captain T. E. Mahar to Major S. D. Griffin, CG 11 December 2005

Improving the Quality of Patient Care Utilizing Tracer Methodology

The Fully-Burdened Cost of Waste in Contingency Operations

Social Science Research on Sensitive Topics and the Exemptions. Caroline Miner

Opportunities to Streamline DOD s Milestone Review Process

The Need for a Common Aviation Command and Control System in the Marine Air Command and Control System. Captain Michael Ahlstrom

Mission Assurance Analysis Protocol (MAAP)

The Need for NMCI. N Bukovac CG February 2009

DDESB Seminar Explosives Safety Training

terns Planning and E ik DeBolt ~nts Softwar~ RS) DMSMS Plan Buildt! August 2011 SYSPARS

Wildland Fire Assistance

ASAP-X, Automated Safety Assessment Protocol - Explosives. Mark Peterson Department of Defense Explosives Safety Board

Military to Civilian Conversion: Where Effectiveness Meets Efficiency

Rapid Reaction Technology Office. Rapid Reaction Technology Office. Overview and Objectives. Mr. Benjamin Riley. Director, (RRTO)

Panel 12 - Issues In Outsourcing Reuben S. Pitts III, NSWCDL

Shadow 200 TUAV Schoolhouse Training

INSIDER THREATS. DOD Should Strengthen Management and Guidance to Protect Classified Information and Systems

Required PME for Promotion to Captain in the Infantry EWS Contemporary Issue Paper Submitted by Captain MC Danner to Major CJ Bronzi, CG 12 19

Electronic Attack/GPS EA Process

DoD Cloud Computing Strategy Needs Implementation Plan and Detailed Waiver Process

AUTOMATIC IDENTIFICATION TECHNOLOGY

Redefining how Relative Values are determined on Fitness Reports EWS Contemporary Issues Paper Submitted by Captain S.R. Walsh to Maj Tatum 19 Feb 08

The Affect of Division-Level Consolidated Administration on Battalion Adjutant Sections

Integrated Comprehensive Planning for Range Sustainability

Dynamic Training Environments of the Future

Cerberus Partnership with Industry. Distribution authorized to Public Release

Biometrics in US Army Accessions Command

Area Fire Weapons in a Precision Environment: Field Artillery in the MOUT Fight

United States Army Aviation Technology Center of Excellence (ATCoE) NASA/Army Systems and Software Engineering Forum

The Coalition Warfare Program (CWP) OUSD(AT&L)/International Cooperation

USMC Identity Operations Strategy. Major Frank Sanchez, USMC HQ PP&O

CRS prepared this memorandum for distribution to more than one congressional office.

Improving ROTC Accessions for Military Intelligence

AFCEA TECHNET LAND FORCES EAST

MAKING IT HAPPEN: TRAINING MECHANIZED INFANTRY COMPANIES

Fiscal Year 2011 Department of Homeland Security Assistance to States and Localities

New Tactics for a New Enemy By John C. Decker

Report No. D September 25, Controls Over Information Contained in BlackBerry Devices Used Within DoD

Afloat Electromagnetic Spectrum Operations Program (AESOP) Spectrum Management Challenges for the 21st Century

ASNE Combat Systems Symposium. Balancing Capability and Capacity

Engineering, Operations & Technology Phantom Works. Mark A. Rivera. Huntington Beach, CA Boeing Phantom Works, SD&A

Perspectives on the Analysis M&S Community

The Advantages of Commercial Satellites versus Military Satellites. Captain Thomas J. Heller

at the Missile Defense Agency

The Need for a New Battery Option. Subject Area General EWS 2006

Defense Health Care Issues and Data

Unexploded Ordnance Safety on Ranges a Draft DoD Instruction

ALLEGED MISCONDUCT: GENERAL T. MICHAEL MOSELEY FORMER CHIEF OF STAFF, U.S. AIR FORCE

Laboratory Accreditation Bureau (L-A-B)

Engineered Resilient Systems - DoD Science and Technology Priority

Improving the Tank Scout. Contemporary Issues Paper Submitted by Captain R.L. Burton CG #3, FACADs: Majors A.L. Shaw and W.C. Stophel 7 February 2006

Office of the Assistant Secretary of Defense (Homeland Defense and Americas Security Affairs)

Software Intensive Acquisition Programs: Productivity and Policy

Report No. D May 14, Selected Controls for Information Assurance at the Defense Threat Reduction Agency

DoD Countermine and Improvised Explosive Device Defeat Systems Contracts for the Vehicle Optics Sensor System

The Effects of Multimodal Collaboration Technology on Subjective Workload Profiles of Tactical Air Battle Management Teams

Marine Corps' Concept Based Requirement Process Is Broken

Office of Inspector General Department of Defense FY 2012 FY 2017 Strategic Plan

Military Health System Conference. Putting it All Together: The DoD/VA Integrated Mental Health Strategy (IMHS)

Report Documentation Page

US Coast Guard Corrosion Program Office

2011 USN-USMC SPECTRUM MANAGEMENT CONFERENCE COMPACFLT

A Military C2 Professional s Thoughts on Visualization

Tim Haithcoat Deputy Director Center for Geospatial Intelligence Director Geographic Resources Center / MSDIS

DOD Native American Regional Consultations in the Southeastern United States. John Cordray NAVFAC, Southern Division Charleston, SC

Marine Corps Mentoring Program. Contemporary Issues Paper Submitted by Captain T. D. Watson to CG #10 FACAD: Major P. J. Nugent 07 February 2006

Report No. DODIG December 5, TRICARE Managed Care Support Contractor Program Integrity Units Met Contract Requirements

Department of Defense DIRECTIVE

Shallow-Water Mine Countermeasure Capability for USMC Ground Reconnaissance Assets EWS Subject Area Warfighting

THE GUARDIA CIVIL AND ETA

Smart Power Infrastructure Demonstration for Energy Reliability and Security (SPIDERS)

Mission Task Analysis for the NATO Defence Requirements Review

Staffing Cyber Operations (Presentation)

Chief of Staff, United States Army, before the House Committee on Armed Services, Subcommittee on Readiness, 113th Cong., 2nd sess., April 10, 2014.

Submitted by Captain RP Lynch To Major SD Griffin, CG February 2006

United States Military Casualty Statistics: Operation Iraqi Freedom and Operation Enduring Freedom

Blue on Blue: Tracking Blue Forces Across the MAGTF Contemporary Issue Paper Submitted by Captain D.R. Stengrim to: Major Shaw, CG February 2005

Sustaining the Marine Corps Martial Arts Program. EWS Contemporary Issues Paper. Submitted by Captain G.S. Rooker. Major Gelerter / Major Uecker, CG#3

Munitions Response Site Prioritization Protocol (MRSPP) Online Training Overview. Environmental, Energy, and Sustainability Symposium Wednesday, 6 May

712CD. Phone: Fax: Comparison of combat casualty statistics among US Armed Forces during OEF/OIF

Make or Buy: Cost Impacts of Additive Manufacturing, 3D Laser Scanning Technology, and Collaborative Product Lifecycle Management on Ship Maintenance

The Security Plan: Effectively Teaching How To Write One

DoD CBRN Defense Doctrine, Training, Leadership, and Education (DTL&E) Strategic Plan

U.S. ARMY EXPLOSIVES SAFETY TEST MANAGEMENT PROGRAM

Applying the Goal-Question-Indicator- Metric (GQIM) Method to Perform Military Situational Analysis

MILITARY MUNITIONS RULE (MR) and DoD EXPLOSIVES SAFETY BOARD (DDESB)

AFRL-ML-WP-TP

Army Aviation and Missile Command (AMCOM) Corrosion Program Update. Steven F. Carr Corrosion Program Manager

NORAD CONUS Fighter Basing

U.S. ARMY AVIATION AND MISSILE LIFE CYCLE MANAGEMENT COMMAND

Air Education and Training Command

Concept Development & Experimentation. COM as Shooter Operational Planning using C2 for Confronting and Collaborating.

2010 Fall/Winter 2011 Edition A army Space Journal

Drinking Water Operator Certification and Certificate to Operate Criteria/Requirements for US Navy Overseas Drinking Water Systems

Transcription:

Cyber Attack: The Department Of Defense s Inability To Provide Cyber Indications And Warning Subject Area DOD EWS 2006 CYBER ATTACK: THE DEPARTMENT OF DEFENSE S INABILITY TO PROVIDE CYBER INDICATIONS AND WARNING Submitted by Captain D. M. Rock CG # 5, FACAD: Major D. R. Wright 7 February 2006

Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. 1. REPORT DATE 07 FEB 2006 2. REPORT TYPE 3. DATES COVERED 00-00-2006 to 00-00-2006 4. TITLE AND SUBTITLE Cyber Attack: The Department Of Defense?s Inability To Provide Cyber Indications And Warning 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) 5d. PROJECT NUMBER 5e. TASK NUMBER 5f. WORK UNIT NUMBER 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) United States Marine Corps,Command and Staff College, Marine Corps University,2076 South Street, Marine Corps Combat Development Command,Quantico,VA,22134-5068 8. PERFORMING ORGANIZATION REPORT NUMBER 9. SPONSORING/MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSOR/MONITOR S ACRONYM(S) 12. DISTRIBUTION/AVAILABILITY STATEMENT Approved for public release; distribution unlimited 13. SUPPLEMENTARY NOTES 14. ABSTRACT 11. SPONSOR/MONITOR S REPORT NUMBER(S) 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT a. REPORT unclassified b. ABSTRACT unclassified c. THIS PAGE unclassified Same as Report (SAR) 18. NUMBER OF PAGES 9 19a. NAME OF RESPONSIBLE PERSON Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39-18

CYBER ATTACK: THE DEPARTMENT OF DEFENSE S INABILITY TO PROVIDE CYBER INDICATIONS AND WARNING INTRODUCTION The Department of Defense (DoD) is currently unable to provide Indications and Warning (I&W) of cyber attacks against the DoD Global Information Grid (GIG). In the cyber world there is generally very little forewarning of a threat. Most of the DoD s Computer Network Defense (CND) actions are reactionary, only initiated once an attack or probe has occurred. In order to provide warning of potential cyber attacks, capabilities within the DoD's Intelligence Community (IC) must be expanded. By improving the IC's collection capabilities in the cyber world through transforming traditional intelligence disciplines like Human Intelligence (humint) and Signals Intelligence (sigint) to better collect in a cyber environment IC will be able to provide I&W of future cyber attacks. The anatomy of a cyber attack Generally, a cyber attack will not be perpetrated from the place of origin. A hacker will jump through many 1

computers across the world before actually attacking a network. This method allows a hacker to disguise the true origin of the attack. Therefore, an attack from a hacker in a particular country might not appear to come from that country. If the IC does not know where the attack originated, who is responsible, and what their intentions are it will not be able to provide warning and help reduce or stop cyber attacks. A significant amount of money and effort is being focused on Computer Network Operations (CNO), and, in particular, CND. One of these efforts resulted the creation of the Joint Task Force-Global Network Operations (JTF-GNO), which is the focal point for CND within the DoD. 1 The JTF-GNO mission is to provide a common defense of the GIG. However, this is no small task. The GIG is made up of more than 12,000 local area networks, roughly three million computers, and five million users. 2 Additionally, the services and agencies within DoD maintain their own networks and use a wide variety of equipment and procedures 1 U.S. Strategic Command, "Joint Task Force-Global Network Operations," Factsheet, URL:<www.stratcom.mil>. Accessed 20 November 2005. 2 Patrick Chrisholm, Global Network Gaurdians, Military information Technology, URL:< www.military informationtechnology.com>. Accessed 30 November 2005. 2

in the operation of these networks. The JTF has greatly increased coordination between DoD components and has operational control (OPCON) for CND missions. However, exercising their authority has proven difficult. Despite such efforts as the JTF-GNO there is a long way to go before the IC can provide I&W of cyber attacks. The ability to provide true I&W of cyber attacks will help ensure the protection of the DoD s critical infrastructure and allow the department to focus on its mission. Additionally, this forewarning will allow the DoD to greatly reduce the wasted man-hours and money that is spent reacting to attacks once they have already occurred. WHAT ARE THE THREATS The cyber threat to DoD comes from hackers. Hackers are categorized into two categories: state and non statesponsored hackers. Both pose a significant threat to DoD information systems; however, their motivations for targeting the DoD can vary greatly. Additionally, the resources at their disposal vary considerably too. Foreign governments and State-sponsored hackers 3

Due to the amount of resources that they have at their disposal, state sponsored hackers pose the most serious threat to the DoD s information systems. Recently, series of ongoing intrusions into DoD and U.S. government information systems called Titan Rain highlight this. The Titan Rain intrusions, which are believed to have originated from China, were carried out in a methodical manner and required a highly sophisticated set of technical skills. 3 The hackers appeared to be conducting continuous 24 by 7 operations, which implied that they worked in shifts. A non state-sponsored hacker would not have the resources to conduct these types of operations. Foreign government use these types of operations to gather military and economic intelligence on the U.S. 4 The information gained on DoD networks could allow a foreign government to degrade, disrupt, or destroy information systems critical for the DoD to carry out its mission during a conflict. Non state-sponsored hackers Non state-sponsored hackers are a credible threat to DoD information systems as well. Typically, these hackers 3 Time article need to get citation 4 Government Accounting Office, Economic Espionage: Information on Threat From U.S. Allies, (Washington DC, 1996), 4

will target the DoD for ideological reasons or for the challenge of breaking into a difficult network. Although these hackers lack the resources of their state-sponsored counterparts they have shown the ability to successfully penetrate and cause significant damage to DoD networks. WHAT IS THE INTELLIGENCE COMMUNITY DOING ABOUT IT Today the IC is able to provide the CND community with information about a particular country or group's intent and capabilities in regard to offensive CNO (ie: can they attack successfully against DoD networks). However, recent studies have shown that not just non-friendly countries conduct exploitation against DoD networks, but allied countries are conducting significant activity as well. 5 INDICATIONS AND WARNING IN THE CYBER WORLD The DoD has to take a more aggressive collection posture in order to provide the I&W needed to prevent these widespread intrusions into its networks. Currently the majority of the DoD s collection capabilities reside on the 5 Government Accounting Office, Economic Espionage: Information on Threat From U.S. Allies, (Washington DC, 1996), 5

networks in the form of intrusion detection systems, firewalls, and antivirus software. However, the focus should not be on its own networks, instead the DoD should be oriented outward. DoD intelligence collection should be focused on identifying threats before they intrude into the networks. This can be achieved through transforming traditional intelligence disciplines such as HUMINT and SIGINT to collect intelligence in the cyber world. Sigint Sigint is uniquely qualified to collect against cyber threats. The cyptologic field has been targeting communication networks for as long as there have been communication networks. Cyber operations are a natural extension of sigint and this is why most computer network operations are carried out by sigint personnel. By leveraging sigint assets to place collection sensors on the Internet and within enemy networks the IC will be able to identify threats before they penetrate DoD networks and exfiltrate sensitive and/or possibly classified information. Humint 6

Humint operations, which are traditionally done through personal interaction can be utilized to support the defense of the DoD GiG. Instead of personal interaction, case officers can use the Internet to interact with hackers. This method of collecting information is far less costly than conventional humint operations, which require a lot of time and resources to recruit sources and establish background for case officers. Utilizing humint for supporting cyber operations can be invaluable for providing I&W of future cyber attacks. INCREASED CAPABILITIES SOONER RATHER THAN LATER The DoD has made great advances towards improving CND intelligence over the past few years. In May 2005, the JTF-GNO became fully operational. Additionally, the services are becoming more accepting the JTF s authority to dictate actions on their networks. However, DoD still has no ability to provide I&W of cyber attacks. General Cartwright, the Commanding Officer of U.S. Strategic Command recently stated that although the JTF-GNO has made a lot of progress there are still hundreds of intrusions 7

into DoD systems every day. 6 The DoD is becoming a more Network-Centric force relying heavily on networked information systems to perform its tasks. As the forces dependency grows on these networks to operate, the threat of cyber attacks increase as well. The DoD needs to take immediate steps to focus its intelligence collection outward and transform traditional intelligence disciplines like sigint and humint to meet the challenges of an ever-increasing networked world. Word Count: 1227 6 Geoff Fein, JTF Global Network Operations Achieves Full Operational Capability, C4I News, 26 May 2005, 1. 8

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback