Navy Short of Tools to Detect, Nab Cyberintruders

1/31/2011
By Grace Jean
SAN DIEGO — There are thousands of hackers assaulting Defense Department networks at any given time. Detecting those intrusions and removing them from military systems remains problematic because program managers cannot acquire tools and infrastructure fast enough.
“The adversary reacts in days and hours. Today, we react in years,” said Kevin P. McNally, program manager for information assurance and cybersecurity (PMW 130) at the Space and Naval Warfare Systems Center.
“We’re doing whatever we can to speed that up,” he told reporters during an industry conference sponsored by the Armed Forces Communications and Electronics Association and the U.S. Naval Institute.
The program office acquires computer technologies for the Navy and specifically supports Fleet Cyber Command and 10th Fleet, which were established last year to oversee and execute Navy cyberspace operations.
McNally’s goal is to rapidly deploy new network infrastructure and capabilities to cyberwarriors within months.
“We’re trying to get to the point where we’re looking at providing defensive capabilities on a six-month to a year basis, which is pretty uncommon if you look at how we do acquisitions in the Defense Department,” he said. “That’s going to be one of our biggest challenges.”
It’s no secret that the Pentagon often takes years, sometimes decades, to buy a weapon system. The acquisition model works for procuring large-scale, high-stakes programs such as aircraft carriers and jet fighters.
But when it comes to cyberwarfare, officials are learning the hard way that the lengthy development cycle will not cut it.
“This is a different paradigm. Cyber is much faster and the technology is getting better and cheaper. At some point, we have to be willing to streamline that process even if it means there’s some risk associated with that, because otherwise you lose. You can’t react fast enough,” McNally said.
The Defense Department in 2008 banned the use of USB flash media for 15 months after a virus swept through Pentagon networks via infected thumb drives and memory sticks. That was a particular scenario in which officials should have been able to react faster, but could not because of the acquisition system.
“It has got to move a lot faster,” said Elissa J. Huffstetler, division head for the information assurance and engineering division at Space and Naval Warfare Systems Center Pacific. “We need to start looking at how to use what we already have to start picking up speed to block those threats. It’s a major initiative we need to be working on.”
Part of the solution is to buck the traditional defense acquisition system, officials said. Currently, procurement is accomplished by awarding large contracts to a single integrator who then assembles subcomponents into a weapon over the course of several years. The program office is trying to cut out the middleman on future acquisitions.
“I’m looking at products rather than large integrator contracts,” said McNally, who declined to elaborate further on any forthcoming requests for proposals.
The program office, which has responsibility for procuring architectures and tools for shore-based and at-sea networks, is striving to beef up the Navy’s computer network defense capabilities. Part of that is developing better sensors and filtering systems to give cyberwarriors better “situational awareness” of what takes place on the service’s networks.
“We have common operating pictures in air and surface and undersea [warfare],” said McNally. Commanders fighting in those domains often have a god’s eye view of the battlefield. They can pull up maps and computer databases that tell them exactly where troops are and what potential threats and enemies lie ahead of them. The service is trying to establish similar visibility in cyberwarfare, he said.
But there are challenges. The network battle space is not only vast but it also supports millions of operations per second. Cyberwarriors need tools to help them filter data and correlate events so that they can quickly distinguish a sailor’s access request from a hacker’s exploitation attempt.
“We need to also start looking at advanced sensors that deal with the insider threat,” said McNally. Those sensors will have to detect abnormal conditions on a network, such as information that might be flowing where it should not, in an environment where the user is permitted access.
To protect networks, software and hardware packages establish boundaries and utilize algorithm-based “signatures” to thwart known attacks. But they will not defend against the advanced persistent threat of skilled hackers who know how to slip by those protective measures.
It is the unknown attack that remains the biggest threat to cyberdefense. Speeding up the acquisitions process will help ameliorate the situation.
“We have a long ways to go,” McNally acknowledged.

Topics: C4ISR, Cybersecurity, Cyber
