Monitoring the Navy’s daily electronic communications, Petty Officer
James Smith, a cryptologic technician on the Naval Computer Incident Response
Team, spotted the intrusion. Not much to look at—just lines on a graph—it
appeared to be a probe of the service’s computer network, not a malicious
cyber attack, said Petty Officer 1st Class Guy Huffman, the senior enlisted
man on duty.
The team, known as NAVCIRT, is part of the Naval Network Warfare Command, stood
up in July 2002 at Naval Amphibious Base Little Creek, Va., in part to prevent
and respond quickly to threats such as this.
“We get probes several times a day,” Huffman said. “It’s
mostly just hackers seeing how far they can get.”
The probes are nuisances, but they aren’t illegal, and they don’t
do any real damage, said NAVCIRT officer Lt. Cmdr. Mark Rollins. “It’s
not illegal for a stranger to check your front door to see if it’s locked,”
he explained. “But if he tries to go in, then he’s breaking the
Unlike probes, viruses and worms can inflict serious harm on computer networks,
he said. A virus is an intrusive program that infects computer files by inserting
into those files copies of itself. A worm is a kind of virus that spreads on
its own throughout networks, consuming memory or bandwidth and weakening computing
This summer, for example, the Navy Marine Corps Intranet was infiltrated by
the Welchia worm, which disrupted operations of about two thirds of the 100,000
or so computers in the NMCI system. (related story p. 42) The Welchia worm is
described as a “Good Samaritan” virus. Rather than corrupting or
deleting individual files, Welchia checks a computer for the Blaster virus that
hit the Internet in August. Then, it tries to check all of the other computers
in the domain, disrupting normal wide-area network activity.
It took about two days to clear the worm from the system, said Vice Adm. Richard
W. Mayo, head of the command, known as NETWARCOM.
“I think that’s a big endorsement for NMCI,” he told National
Defense. “If we didn’t have a coherent network like that, we’d
still be clearing that worm out of our computers today.”
NETWARCOM’s mandate is a broad one, Mayo said. The command is the equivalent
to the organizations that oversee the Navy’s surface, undersea and air
warfare activities, he said. Mayo reports directly to the head of U.S. Fleet
Forces Command, at Norfolk, Va.
NETWARCOM, Mayo explained, is the Navy’s central authority for network
and information operations in support of naval forces afloat and ashore. Its
NETWARCOM includes three shore activities under its authority—the Naval
Network and Space Operations Command at Dahlgren, Va.; the Fleet Information
Warfare Center at Little Creek, and the Naval Component Task Force for Computer
Network Defense in Washington, D.C. The entire organization has 6,853 officers,
enlisted personnel and civilians worldwide.
The Naval Network and Space Operations Command is itself a new entity. It was
established at the same time as NEWARCOM with the merger of elements of the
Naval Space Command in Dahlgren and the Naval Network Operations Command in
Initially, after its creation, NNSOC focused on providing naval space and network
support for the operations in Afghanistan and Iraq. The command’s regional
Naval Computer and Telecommunications Area Master Stations increased bandwidth
services. In some cases, the number of fleet units supported with classified
and unclassified network services and tactical satellite voice communications
were doubled. The job was a major one, Mayo said. The coalition fleet participating
in the Iraqi operation included more than 100 U.S. ships and 50 vessels from
more than 17 nations.
During the weeks that led to the beginning of operations in Iraq, NCTAMS transmitted
from 60,000 to 90,000 messages daily, more than double normal operations. The
NNSOC’s Remote Earth Sensing Information Center provided more than 250
image maps and digital data products on Iraqi airfields, port cities and waterways
to support Marine air operations, route planning and minesweeping activities.
Other existing Navy activities are taking on additional roles in support of
NETWARCOM. For example, the Space and Naval Warfare Systems Command, in San
Diego, is helping out in matters related to fleet support, and the head of the
Naval Security Group Command, at Fort Meade, Md., serves as the command’s
director of information operations.
The information operations role is an important one, Mayo said. “Information
operations is the ability to use information to your advantage and to deny it
to an enemy,” he explained. “You want free and rapid flow of information
among your forces, but not among the other guys.”
The Navy’s information operations (IO) include computer network defense,
electronic warfare, psychological operations, military deception and operational
security. The Fleet Information Warfare Center, founded in 1995, provides highly
trained IO teams to fleet staffs and naval units. It also develops IO doctrine
and tactics, and pioneers computer network defense and electronic warfare concepts
throughout the Navy.
One of the center’s operation, NAVCIRT, runs 24 hours a day, seven days
a week, with a staff of seven on each watch, looking for suspicious intrusions
into naval electronic communications. The team works in an anonymous, windowless
room, with an unmarked, locked door, which opens only with the correct code.
Inside the room are rows of powerful, highly classified computers, carefully
monitored by members of the team.
“We watch for cyber attacks, scans, probes—anything unusual,”
said Rollins. “Our incident handlers work with commands that are targeted.
We assist them in blocking the intrusion and tracking down the source.”
The Welchia incident, for example, is still under investigation, Mayo said.
“We want to see how it happened and prevent it from happening again,”
he said. “It could have come in electronically. It could have come in
a disk that somebody brought from home. We’ll get to the bottom of it.”
The Welchia infection is the first successful cyber attack that the Navy has
suffered since NETWARCOM was established, he said.
“We have pretty good visibility into these attacks,” Mayo said.
“And we have a pretty good read into evading them.”
In addition to defensive tactics, the command also goes on the attack, employing
psychological operations, Mayo explained. “Psychological operations is
historically an Army special operations mission,” he said. “But
in Operation Iraqi Freedom, the Navy dropped 10.9 million leaflets in Iraq.
We prepared them on Navy ships, and we dropped them from Navy aircraft.”
The aircraft carrier USS Constellation alone produced in excess of 6 million
leaflets, which then were delivered into Iraq by the ship’s aircraft,
Navy ships also are capable of conducting propaganda broadcasts on AM/FM radio
frequencies, Mayo noted. In 2000, FIWC personnel successfully tested a prototype
transportable AM/FM radio station aboard the USS Ashland (LSD 48). During the
Iraqi war, FIWC plugged commercial CD players into the standard high-frequency
transmitters aboard ships to broadcast canned psyop messages.
NETWARCOM is in the process of strengthening its relationship with the Army’s
psychological operations unit at Fort Bragg, N.C., Mayo said. “We’ve
established a Navy billet down there,” he said.
In September, NETWARCOM and SPAWAR co-sponsored Trident Warrior 03, the first
large-scale event in the development of FORCEnet—the Navy’s effort
to integrate information, sensors, platforms and sailors into a concept called
network centric warfare.
“FORCEnet is the centerpiece of our roadmap to the future,” the
chief of naval operations, Adm. Vern Clark, said during a briefing this summer
at NETWARCOM. “Once implemented, FORCEnet will effectively give war fighters
the knowledge of the battlefield to ‘know first’ and ‘act
first’—taking advantage of knowledge superiority over an adversary
to prevail in battle.”
FORCEnet “is really about turning data into information, and information
into knowledge, making sure that we have it and the enemy never gets it,”
Mayo said. “Ultimately, FORCEnet brings us to an environment where we
have total situational awareness, with very precise knowledge of enemy movements
and, when required, the ability to strike first. We emphasize the capability
to apply force.”
The goal of Trident Warrior 03 was to deliver a supportable, sustainable war-fighting
capability, complete with concept of operations and training to support the
commander of the USS Essex Expeditionary Strike Group, which is forward deployed
The strike group included the three ships normally assigned to the Essex Amphibious
Ready Group—the Essex (LHD 2), the USS Fort McHenry (LSD 43) and the USS
Harpers Ferry (LSD 49)—plus the USS Chancellorsville (CG 62) and the USS
John S. McCain (DDG 56). Embarked upon the Essex ARG were elements of the 31st
Marine Expeditionary Unit.
A specific objective was to deliver dynamic, multi-path and survivable networks
through infrastructures, such as Internet Protocol network quality of service,
wireless, ship-to-ship, line-of-sight and beyond-line-of-sight IP
networking, high-bandwidth IP satellite communications links and Marine Corps
These infrastructures are intended to enable leaders to prioritize information
on their networks, share a high-speed network that does not rely on satellites,
pull large files from shore commands and increase communications with Marine
Another objective was to provide distributed, collaborative command and control,
using automated systems to speed fire support and allow leaders to share the
same picture of the battlefield, with a precise location of friendly forces.
“If this works, what I want to see is how quickly we can replicate it
and get it out to the whole fleet,” Mayo said. “Innovation is a
big part of my job. What I call it is innovation and exploitation.
“One of the things that the CNO wants to see happen is rapid experimentation
with technology and concepts, so we can see what works and what doesn’t
It is important to move quickly, Mayo said. “We want speed, because the
essence of network-centric warfare is speed. Processing information and using
it before your adversary requires speed.
“We always want to be on the crest of the wave, never following it,”
Mayo said. “Look at start-up companies today: They don’t have 10
years to see if their idea works. If they don’t succeed within two years,
At a year and a half, NETWARCOM is still experiencing growing pains. Its headquarters,
with 103 people, is in a converted maintenance structure on Little Creek’s
waterfront, which is lined with amphibious assault ships just back from the
Iraqi War. Space that was used to service rusting, 135-foot-long landing craft
has been converted to air-conditioned offices for computer workstations.
The building, however, is not big enough to house the entire command headquarters.
Next door on the tarmac, 12 mobile homes have been linked to provide additional
space. Studies are underway for a larger permanent headquarters.