To set the direction for the discussion of "Cyber Attacks are Borderless" at the 2017 Association of the US Army Annual Meeting Oct. 11 at the Warriors Corner, Maj. Gen. Garrett Yee, acting director, Cybersecurity, Chief Information Office G-6, presented the 2014 Sony cyberattack, attributed to a foreign source, as an example of how cyberattacks are actually borderless.
"We've always known that this has been happening and 2014 is when we saw that on a public, overt scale," said Yee.
The forum then examined aspects of how Army cyber operations have developed in the way of people, process and technology.
The Army created its own cyber branch — they (the Army) decided it was going to be an equivalent branch to armor, aviation — any of the other branches, said Brig. Gen. Joseph P. McGee, deputy commanding general, operations, Army Cyber Command.
"What that allows us to do, at a young age, is bring in a soldier, an officer, and eventually warrant officers and they can stay in that track the entire time. You can see how having someone who begins in cyber and stays in cyber throughout an entire career gives us a tremendous advantage," he said.
"We've created a cyber school down at Fort Gordon — it's part of the Cyber Center of Excellence. And that has become state-of-the-art and it's growing very rapidly."
The Army has made investments in personnel in other ways.
There is a requirement to have an operational headquarters to help synchronize support to the combatant commands.
"For the Army our three combatant commands we support are NORTHCOM, CENTCOM and AFRICOM," said McGee.
The Army invested more than 100 people to do that mission full time.
"For the last few years we've been spending a lot time building the force," said McGee. "The Army has met all its goals and now has 21 cyber mission teams and 20 cyber protection teams. We're looking forward to building another 21–11 in the National Guard and 10 in the (Army) Reserve.
"So for people, the Army has really invested a tremendous amount."
On the biggest change in process, McGee said, "We were given a directive authority for cyber operations, which means that if you operate an Army network, Army Cyber has the authority to give you instructions about what you're doing on the network. Where this is really important is in the face of a crisis or significant attack."
In the case of the WannaCry attacks against the Army network in the spring, the authority allowed Army Cyber to direct quarantines, engineering patches and architecture management to minimize the threats to the network.
This allows the Army to operate within cyberspace as if it's a land domain, a sea domain or an air domain. It gives a commander the ability to direct and dictate actions within this operational domain.
Regional cyber center
Underneath Army Cyber Command, McGee said, "We have five regional cyber centers. They work very closely with the signal unit to make sure they're run effectively and securely."
The command center readiness inspection process is the Army's attempt to raise its cybersecurity from a very low level. It combines technical measures and physical security measures, and the idea is to get the Army to a baseline of standards.
"Now we're doing a much more robust, more rapid, little to no notice before they start doing these checks to make sure there's compliance," said McGee.
"We'll talk just a little bit about technology," said Yee. "The first thing is end point security, which is Windows 10 — that struggle is real. By the end of March 2018, the Army will have migrated to Windows 10 for all the office IT systems. We know that Windows 10 has a much more secure end point capability for us."
Another undertaking is the basic upgrade of the installation campus area network. It replaces all the old switches and routers that have out-of-date security configurations, because each such device is a cybersecurity vulnerability and a way for an insider or an outsider to get into the network. Locking down the infrastructure is paramount to securing the networks.
"The other thing we are doing is migration to the joint regional security stacks, or JRSS," said Yee. "We've now migrated over 100 installations behind the JRSS.
"The JRSS is a firewall on steroids. All those installations that used to have separate points of presence into the internet are now behind these large, sophisticated, high-powered JRSS.
"We'll continue to do that and shrink our cybersecurity footprint."
The role of industry
"The thing I always ask our industry partners to do is get to know us," said Yee. "Get to know how we are challenged. Get to know our unique problem set. If you can get to know us, then we'll be in a better position to work together."
McGee said much of the expertise is predominantly in the civilian sector.
"Part of our responsibility is to being able to bring these technologies over from civilian industry and make them effective for our space," said McGee. "How do we develop those pathways where people from industry can come in the military, spend some time, work with us and then go back to industry? I think in the long run, this is what we want to be able to achieve — have the best people working for the Army when we're doing cyber operations."
Talent and analytics
Addressing currency and talent management, McGee pointed to the cyber school, where he said there is a concerted effort to make sure operators are informing the classes and that the curriculum changes as rapidly as possible to adopt the technology, the emerging techniques, tactics and procedures of adversaries, and best practices coming in from industry.
"We invite outsiders to come in and look and we've got some of our training contracted out with industry leaders to make sure it's staying relevant," said McGee. "We're doing everything we can to make the pay structure and bonuses, incentives higher than what they are right now.
"There is always going to be a gap between what the government can pay and what the civilian world can pay. And in that gap what we fill it with is all the things that keep people in the military — the people that you work with, the sense of purpose that it gives and the sense of patriotism that you want to contribute back."
Training with industry
The training with industry programs we have right now need to continue to change so we're actually embedded with cutting-edge companies that are at the forefront of innovation, said McGee.
"I think we have to find a way to bring people to come and do fellowships within the Army," he said.
Yee indicated that DoD does have a program in place where it brings individuals from the private sector into DoD and places members of the DoD into private sector positions for a limited duration, usually 6-12 months.
"Right now, the program is limited to about 10 personnel each year," said Yee.
"We're launching a pretty extensive internship program now that I think has a tremendous amount of long term value — finding students in colleges, attracting them and making a commitment so they come and do internships with us," said McGee. "We work the security process for them over a series of a year and then when they graduate they come and work for Army cyber at large. So I think there are tremendous opportunities there."