Twitter Facebook Google RSS
 
National Defense > Blog > Posts > Fearful of Cyber Attacks, Military Tightens Control Over Data Networks
Fearful of Cyber Attacks, Military Tightens Control Over Data Networks
By Sandra I. Erwin



To keep network intruders at bay, military agencies are shutting down pathways into their information systems and centralizing the control and management of data.

The current thinking is that by minimizing the number of points of entry into the military’s data networks, systems can be better defended. Over the past several years, cyber security officials have become alarmed by the difficulty of protecting the Defense Department’s mishmash of information systems. The scattered makeup of the information grid creates unlimited opportunities for hackers and spies to break in, military officials believe. They are convinced that the best way to ward off attacks is to consolidate existing networks into fewer systems that they can more tightly control.

The Air Force’s cyber command center so far has fused 120 network entry points into 16 gateways. “This already has improved our ability to secure the Air Force network, monitor traffic and provide defense in-depth,” Gen. William L. Shelton, commander of Air Force Space Command, said earlier this month. The command oversees cyber security programs for the entire Air Force.

To date, he said, the Air Force has migrated approximately 90 percent of 275 potentially vulnerable sites, affecting about 580,000 users. “We’ll be fully consolidated by the spring, and when finished, we’ll have a single enterprise network with consistent standards ... one that we can defend,” Shelton told a gathering of information technology executives in Northern Virginia hosted by AFCEA, an industry association.

Merging data systems can be a daunting task for the military, as thousands of networks over decades have popped up at individual installations, to support each base’s missions.

With a single consolidated network, it will be easier to track illegal activity and probe attacks, he said. Authorized users will employ a “common access card” to enter the Air Force network from any installation. For service members, there will be no need to establish new accounts every time they move.

Another element of the military’s cyber defense plan is to encourage agencies to treat data systems as if they were weapon systems, rather than mundane information technology. “Earlier this year we made a significant step when our chief of staff declared six of our cyber capabilities as weapon systems,” Shelton said. “That is another big step toward normalization.” Cyber systems, he said, are not weapons in the conventional sense, but they need to be seen as weapons systems in order to secure proper funding, Shelton said. “Just as the Air Force must invest in, maintain and sustain our air assets, we’re using the standard weapon system framework to source our cyber capabilities.     … The weapon system process and the sustainment discipline and funding protocols that go with it will help normalize this business.”

Efforts to realign information networks into fewer but better protected sites are taking place across the Defense Department. The Pentagon in 2013 kicked off a new initiative to standardize its 15,000 networks under a single “joint information environment.” The so-called JIE is a set of security protocols that presumably would make it easier to detect intrusions and identify unauthorized “insiders” who might be accessing a network. Officials said the JIE will make networks more secure and save the Defense Department billions of dollars by eliminating redundant, overlapping systems. The massive network integration project is overseen by the Joint Staff, U.S. Cyber Command, the Defense Information Systems Agency and the Pentagon’s chief information officer.

Shelton said Air Force Space Command spent several months investigating the JIE plan and its potential ramifications. “I felt it was important to look before we leapt,” he said. Air Force Space Command will manage “control nodes” for JIE at 10 Air Force bases.

Photo Credit: Thinkstock

Comments

Re: Fearful of Cyber Attacks, Military Tightens Control Over Data Networks

My name is Michael Nuccitelli Psy.D. C.F.C. and I’m a NYS licensed psychologist and certified forensic consultant. Your post was sent to me via Google Alerts and I’m writing to compliment you on your information addressing cyber terrorism. As author of a new Information Age Forensics construct, iPredator, I’m a cyberstalking, internet safety, cybercrime and cybercriminal psychology educator & consultant. Thank you for helping to educate online users about the dangers lurking in cyberspace and issues related to cyber terrorism.
Regards,
Michael Nuccitelli Psy.D., C.F.C.
NYS Licensed Psychologist
CEO, iPredator Inc.
Website: www.iPredator.co  
Email: drnucc@ipredatorinc.com 
Michael Nuccitelli Psy.D., C.F.C. at 12/31/2013 9:45 AM

Re: Fearful of Cyber Attacks, Military Tightens Control Over Data Networks

I believe that cyber intrusions are the most serious threat to our national safety and security, but do not see "a single enterprise network with consistent standards" as the strategy that will provide the most protection of our most critical systems and data, as discussed in this article. You think a "common access card" is an advantage... well, maybe it's an advantage for the most destructive hackers that want to infultrate our classified systems, spread malware through classified networks, take down or destroy networks and download classified data to their servers.  What good is being able to track illegal attacks once a classified network has been breached?  The damage is already started or done... What is needed are more preventative measures so the breach doesn't happen in the first place, and methods to track and locate the source(s) of the potential intrusion.  When you centralize classified data, it becomes easier for an ingenious hacker to get at the data.  Although there are understandable advantages for our combined military forces to have access to "joint information", the powers to be really have access what the ramifications and risks are if "joint classified information" is compromised and gotten into enemy hands.  I believe that decentralized systems are the way to go.  True, they do not make it easy for our military organizations to access and share the data they may require.  Decentralized networks can be made more secure, and access to them should be highly restrictive. Too many people are getting on the "need to know" list.  Many expert hackers are in their 20's, are foreign born, and many have been educated in some of the best universities in the U.S.  They can't be hired by our government agencies, so some go back to their native lands and work for their government and clandestine agencies against us.  The article says that entry points to networks have been significantly decreased, well how do they handle the entry points for blackberries and other wireless devices that so many military and their contractors have for communication and remote access to proprietary networks?  Those devices are a breeding ground for spreading viruses on networks... encryption is not enough of a safeguard.  When it comes to safeguarding our classified networks and data, it just makes sense to keep access highly restrictive, keep data and networks decentralized, and use multiple and complex methods to monitor and protect these classified networks.
JF at 1/6/2014 10:04 AM

Re: Fearful of Cyber Attacks, Military Tightens Control Over Data Networks

This article and the comments on it, I have to say, have resulted in a much needed spate of hilarity and laughter as I read (and re-read) them.

By centralizing the traffic _even more,_ from "120 network entry points into 16 gateways," everything that someone is "twying" to "secure" is just made more vulnerable.  Further compounding the problem is the "classification of everything," in spite of input and comments from the general public in 2012 that stated, for example, that "less classification and more public disclosure translates to less risk," during the rulemaking process on the "(DoD)-Defense Industrial Base (DIB) "Voluntary" Cyber Security and Information Assurance (CS/IA) Activities"  (for background on this, search for a well-reasoned article titled, "Who needs laws when you can just make an administrative rule?" by sosadmin), not to mention numerous comments from the declassification community (and many other folks) and the general rejection of the recommendations of the Public Interest Declassification Board, recommendations which should have been (at the very least) mostly implemented a long, long time ago. 

Another way to say this, is make more FRD, not more FUD!

To sum it up, the US government's approach to "securing" systems and security generally can (presently) be described as follows:

such security
very centralized
much fail

(Wow)

[[ but you know, keep doing the same thing,
because terrorism. :-0 ]]
Odinn at 1/19/2014 8:38 PM

Re: Fearful of Cyber Attacks, Military Tightens Control Over Data Networks

"By centralizing the traffic _even more,_ from "120 network entry points into 16 gateways," everything that someone is "twying" to "secure" is just made more vulnerable."

Debatable.

Which is more safe from intrusion: a house with six moderately guarded doors, or a house with just one door that is heavily guarded and locked?


Doug
http://dougvitale.wordpress.com/
Doug Vitale at 1/29/2014 10:13 AM

Add Comment

Items on this list require content approval. Your submission will not appear in public views until approved by someone with proper rights. More information on content approval.

Name: *

eMail *

Comment *

Title

Attachments

Name: *


eMail *


Comment *


 

Refresh
Please enter the text displayed in the image.
The picture contains 6 characters.

Characters *

  

Legal Notice *

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.

 

 

Bookmark and Share