By Calvin Biesecker

As the military services work to establish full operational capability (FOC) this fall for their newly established cyber commands, achieving real-time situational awareness of threats to their respective computer and information networks remains a key challenge, service officials said last week.

The Air Force is “nowhere near having situational awareness but we’re working to get there,” Col. Robert Skinner, commander of the 688th Information Operations Wing, 24th Air Force, said at Defense Daily’s Cyber Security Summit on Friday. The 24th Air Force is the Air Force Cyber Command, which achieved its initial operational capability last December.

Each of the services’ cyber commands is slated to achieve FOC on Oct. 1.

Right now the Air Force has “static maps” of its networks that provide some situational awareness, but it needs to be able to “support auto discover and auto real-time configuration manageable networks” to improve situational awareness, Skinner said.

The same could be said for the Navy.

“We’re trying to move from a very reactive mindset primarily based upon the way we’ve built our networks to a more dynamic and predictive analysis so that we understand where malware is being populated, where botnet populations exist, etcetera,” said Capt. Scott Robinson, chief of staff for the Navy’s Fleet Cyber Command.

Fleet Cyber Command officials have been touring internet service providers to see how they manage their global networks to understand the tools that are available to defend its networks, Robinson said.

“Things that we’re specifically trying to understand, visualization of information in a network in a dynamic sense, knowledge and information management, data storage, principles that we have to understand so that we can defend our network properly and on a real-time basis,” Robinson said. “Those are main drivers that we’re looking at.”

One of the challenges within the Navy is assuring command and control “but offense is viewed as the priority,” Robinson said in his briefing slides. However, he said that “if we don’t get defense right, especially looking at these other systems, that attack mission is something I can dream about in the future but it’s not really relevant because if we don’t protect the existing systems we have and the IP (Internet Protocol) interfaces to them, then we might be dead in the water so we don’t want to go that way.”

The Army also needs to find a way to develop a common operating picture of its networks to be able to assess threats, said Lt. Col. Timothy Chafos, the plans officer for the Army Intelligence and Security Command.

The services’ concerns with establishing real-time situational awareness of cyber threats mirror the challenge seen by the commander of the new U.S. Cyber Command, Army Gen. Keith Alexander. He said earlier this month that establishing situational awareness of the military’s computing networks is one of his primary challenges (Defense Daily, June 4).

The service officials said their respective cyber commands are on their way to achieving FOC in October but there is a long way to go.

Between now and FOC there will be a lot of inspections and evaluations, Skinner said. Depending on “your definition of FOC,” it’s unlikely that it will be “perfect” and “it won’t be 100 percent” but with the help of industry and academia the Air Force will get there, he said.