The Pentagon’s Transportation Command (TRANSCOM), a major target of cyberattacks, has refined its network and its dealings with private companies to fend off an increasing number of intrusions, its commander said.
TRANSCOM appears to be the most-attacked U.S. military command, at least in part because of the volume of work it does with industry in an unclassified computing environment, Commander Air Force Gen. William Fraser told the Senate Armed Services Committee (SASC) yesterday. The committee has been concerned about intrusions into defense companies’ networks, and helped craft a new legal requirement that some contractors disclose cyber attacks.
Fraser said told the SASC that TRANSCOM had nearly 45,000 cyber intrusions in 2011, and then in 2012 that number quadrupled.
“We are and, best as I can tell, continue to be the most-attacked command,” the general testified. He described such intrusions as a “significant concern” that has prompted TRANSCOM to take “lot of action” through a multi-pronged, “holistic approach.”
That includes working closely with commercial partners by holding three “very-well-attended” cybersecurity forums at TRANSCOM last year with chief executive and information officers of companies along with law-enforcement officials, he said.
The command works with many transportation and shipping companies to help support deployment operations.
“We focused on this cyber threat that is there,” Fraser said about the forums. “We were able to brief them, and to give them some information that they did not have before, and allow them to further go back and take a look at their networks and how they are working with us.”
As a result of such collaboration, TRANSCOM last year started writing into its contracts with industry “the need for us to have an understanding of what their information-assurance plan is,” he said.
“We were not directive in this, but we wanted to know, what are you doing to protect your network,” he said. Such contracts also include saying TRANSCOM wants “to have an agreement as part of a collaborative nature” to know when the companies’ networks were accessed by hackers who removed or modified data.
“So, we made sure that we had in the contracts that we would have this reporting that would come back to us,” he said. “When we get those types of reports, then we have a process and a procedure by which we ensure that law enforcement is advised, that we would offer any assistance that we have, and then we would stand up a team to determine what impact this might have had to our operations.”
TRANSCOM also modified its networking environment to reduce the number of “touchpoints” through which private companies connect with it. The idea was to develop a “secure enclave” with fewer such points of entry, Fraser said.
“This would enhance our abilities to have (a) defensive posture there, so that if people were trying to get into our network that would be able to see it, we could defend it,” the general said. He described this effort as successful, saying after it was undertaken TRANSCOM’s network has not had any “significant intrusions.”
In addition, the command also has reached out to other government agencies, “to ensure that we’re not missing anything in the defense of our network,” Fraser said.
SASC Chairman Carl Levin (D-Mich.) quizzed the TRANSCOM leader about these cyber efforts, and asked him to share examples of the cyber-attack-related contract language with the committee.
Yesterday’s discussion came as the Pentagon works on guidance to its commands for carrying out a requirement, in the fiscal year 2012 defense authorization act, for defense contractors with access to classified data to report cyber attacks to the government. President Barack Obama signed the law in January.
Fraser said he believes TRANSCOM is a prime target for hackers because 90 percent of the computing it does is on an unclassified network. Some work related to “sensitive operations or movement of sensitive or classified cargo” is done on hyper-secure networks, but most of the command’s dealing with contractors and commercial partners is done in the unclassified realm, he said.
Fraser added he believes TRANSCOM is infiltrated because it is unique, noting other nations do not have such transportation commands.
“There’s no other nation that can do what we do, and do it the way we do it in order to deploy, sustain, and then redeploy our troops, and respond in a timely manner in support of a humanitarian crisis to save lives, decrease human suffering, or respond to a crisis in another region where we’ve supported other (combatant commands),” he said. “And so I believe that there’s a learning that others want to know.”