SCOTT AIR FORCE BASE, Ill. --- The new Joint Cyber Center here at U.S. Transportation Command is helping protect against persistent cyberattacks while ensuring secure, uninterrupted access to the networks that underpin the command’s global mission.
Transcom gets more cyberattacks than nearly every other U.S. combatant command. The command experienced 44,551 “computer network events” during 2011 alone, and intrusion attempts are increasing, Air Force Gen. William M. Fraser III, Transcom’s commander, told Congress earlier this year.
Those breaches, if not detected and defeated, could bring the military’s global transportation and distribution enterprises to their knees.
Unlike most combatant commands that interface primarily with other secure military and government networks, Transcom relies heavily on commercial partners that deliver 70 percent of its supplies and passengers around the world, Fraser told legislators.
Ninety percent of the command’s distribution and deployment transactions are conducted in cyberspace, he said, much of it using unclassified and commercial systems lacking the safeguards provided on dot-mil and dot-gov networks.
“We are very cognizant of the fact that U.S. Transcom movements represent an Achilles’ heel for U.S. power projection en route,” said Air Force Lt. Col. Robert Hume, the Joint Cyber Center’s intelligence branch chief. “If that is where you want to disrupt what the U.S. military does, that is where you go.”
Recognizing this vulnerability, Fraser identified unfettered access to secure information networks as one of four major focus areas in the command’s recently released five-year plan.
“Every day, U.S. Transcom operates in a cyber domain that is increasingly at risk,” he noted in releasing the plan. “Cyber defense is a command imperative. We must be much more proactive in protecting our information technology infrastructure and the credibility of the information we exchange with our allies and national partners.”
The new Joint Cyber Center, established last spring, is taking the lead in this endeavor.
As part of the Defense Department’s new cybersecurity strategy, Defense Secretary Leon E. Panetta last May directed every combatant command to stand up such a center, explained Air Force Col. David Johnson, chief of Transcom’s Joint Cyber Center.
Secure cyber networks are vital to every combatant command, “whether it is a geographic combatant command fighting the war or a functional combatant command moving materials around the world,” Johnson said. “Information is how you provide the direction to your sub-units.”
Panetta gave the combatant commands free rein to organize their centers based on their own requirements, spelling out 65 specific tasks to accomplish. He designated a transitional evaluation period to determine which structure proved most effective.
Transcom already had a running start when Panetta’s mandate came down. About 10 years ago, far-sighted leaders at the command established an informal joint cyber center to protect their networks. That framework brought together the command’s plans and operations, communications and intelligence capabilities to confront the cyber challenge.
“So when we stood up our [Joint Cyber Center], all we really did was take the three entities that already existed and were working together and put them into the same office,” Johnson said. “The relationships were already there.”
The new JCC operates as a 24/7 command-and-control center, focusing on three basic functions, he explained. Working with other elements of Transcom’s Command, Control, Communications and Cyber Systems directorate, its members help secure the command’s information networks and help its partners secure theirs. The JCC also directs defensive operations to protect these networks and offensive operations to stop cyberattacks in progress.
Johnson emphasized that unlike other combatant commands that could use offensive cyberspace operations to create a battlefield effect, Transcom concentrates primarily on defensive operations. Offensive cyberspace operations, if required, would be conducted by U.S. Cyber Command, and only to defend against an attack, he said.
“We are aware what is available to us, and have the capability to use it. But we don’t see ourselves using it the same way that geographic combatant commands do,” Johnson said. “We look at the capabilities on the offensive side primarily to beef up our defense.”
Johnson called Transcom’s decision to maintain an embedded intelligence cell within the JCC one of its strengths. “It gives us incredible insight into enemy capabilities and intent,” he said.
Intelligence experts are “quite literally analyzing, in near-real time, the activity on our networks, and they are able to see enemy activity and react to it,” Johnson said. “We understand the adversary, and we understand what he is doing faster than most of the networks in the Department of Defense.”
Facing “a persistent and pervasive threat to our mission networks and those of our commercial partners,” Hume said Transcom does “a very good job at detecting, characterizing and thwarting this activity.”
The command’s efforts recently garnered Transcom the National Security Agency’s prestigious Frank Byron Rowlett Award for excellence in information systems security. Transcom has been a finalist in the competition for the last three years and won first place in 2003.
But despite a strong track record, Hume recognized that “your networks and your data are only as strong as your weakest link.”
To reinforce those weakest links, Transcom established a chiefs of information forum to help contractors improve their information assurance practices. The command’s acquisition directorate stood up a commercial executive advisory board to educate commercial vendors about the cyberthreat, and changed language in Transcom contracts to hold contractors to specific standards in protecting their data systems.
Transcom also is considering creating a secure network for non-DOD contractors to use for communications concerning command missions.
Contractors, recognizing their own vulnerability, are anxious to strengthen their cyberdefenses, Hume said. “This is a two-way street in that adversaries attempting to leverage access to [contractors’] networks to gain access to U.S. government data also enables them to gain access to their own corporate data and theoretically, undermine their business models,” he said.
Johnson emphasized the fine line between espionage and a cyberattack.
“If I break into your system and see what you are doing, it is only one more keystroke to disrupt what you are doing, because I am already into your network,” he said. “People don’t understand that once they are in there spying, it is exceptionally easy to change what they are doing and attack. It is just a matter of intent.
“And that is something we are cognizant of every day here at Transcom,” Johnson continued. “It’s a recognition that guides everything the JCC does.”