The new Joint Cyber Center here at U.S. Transportation Command is helping protect against persistent cyber-attacks while ensuring secure, uninterrupted access to the networks that underpin the command’s global mission.
TRANSCOM gets more cyber-attacks than nearly every other U.S. combatant command and experienced 44,551 “computer network events” during 2011 alone, Gen. William M. Fraser III, TRANSCOM’s commander, told Congress earlier this year. Intrusion attempts are increasing, he said.
Those breaches, if not detected and defeated, could bring the military’s global transportation and distribution enterprises to their knees.
Unlike most combatant commands that interface primarily with other secure military and government networks, TRANSCOM relies heavily on commercial partners that deliver 70 percent of its supplies and passengers around the world, Fraser told legislators.
Ninety percent of the command’s distribution and deployment transactions are conducted in cyberspace, he said, much of it using unclassified and commercial systems lacking the safeguards provided on dot-mil and dot-gov networks.
“We are very cognizant of the fact that U.S. TRANSCOM movements represent an Achilles’ heel for U.S. power projection en route,” said Lt. Col. Robert Hume, the Joint Cyber Center’s intelligence branch chief. “If that is where you want to disrupt what the U.S. military does, that is where you go.”
Recognizing this vulnerability, Fraser identified unfettered access to secure information networks as one of four major focus areas in the command’s recently released five-year plan.
“Every day, U.S. TRANSCOM operates in a cyber domain that is increasingly at risk,” he noted in the plan. “Cyber defense is a command imperative. We must be much more proactive in protecting our information technology infrastructure and the credibility of the information we exchange with our allies and national partners.”
The new Joint Cyber Center, established last spring, is taking the lead in this endeavor.
As part of the Defense Department’s new cyber security strategy, Defense Secretary Leon E. Panetta last May directed every combatant command to stand up such a center, said Col. David Johnson, chief of TRANSCOM’s Joint Cyber Center.
“Secure cyber networks are vital to every combatant command, whether it is a geographic combatant command fighting the war or a functional combatant command moving materials around the world,” Johnson said. “Information is how you provide the direction to your sub-units.”
Panetta gave the combatant commands free rein to organize their centers based on their own requirements, spelling out 65 specific tasks to accomplish. He designated a transitional evaluation period to determine which structure proved most effective.
TRANSCOM already had a running start when Panetta’s mandate came down. About 10 years ago, far-sighted leaders at the command established an informal joint cyber center to protect their networks. That framework brought together the command’s plans and operations, communications and intelligence capabilities to confront the cyber challenge.
“So when we stood up our (Joint Cyber Center), all we really did was take the three entities that already existed and were working together and put them into the same office,” Johnson said. “The relationships were already there.”
The new JCC operates as a 24/7 command-and-control center, focusing on three basic functions, he said. Working with other elements of TRANSCOM’s Command, Control, Communications and Cyber Systems directorate, its members help secure the command’s information networks and help its partners secure theirs. The JCC also directs defensive operations to protect these networks and offensive operations to stop cyber-attacks in progress.
Johnson emphasized that unlike other combatant commands that could use offensive cyberspace operations to create a battlefield effect, TRANSCOM concentrates primarily on defensive operations. Offensive cyberspace operations, if required, would be conducted by U.S. Cyber Command, and only to defend against an attack, he said.
“We are aware what is available to us, and have the capability to use it,” Johnson said. “But we don’t see ourselves using it the same way that geographic combatant commands do. We look at the capabilities on the offensive side primarily to beef up our defense.”
Johnson called TRANSCOM’s decision to maintain an embedded intelligence cell within the JCC one of its strengths.
“It gives us incredible insight into enemy capabilities and intent,” he said.
Intelligence experts are “quite literally analyzing, in near-real time, the activity on our networks, and they are able to see enemy activity and react to it,” Johnson said. “We understand the adversary, and we understand what he is doing faster than most of the networks in the Department of Defense.”
The command’s efforts recently garnered TRANSCOM the National Security Agency’s Frank Byron Rowlett Award for excellence in information systems security. TRANSCOM has been a finalist in the competition for the last three years and won first place in 2003.
But despite a strong track record, Hume recognized that “your networks and your data are only as strong as your weakest link.”
To reinforce those weakest links, TRANSCOM established a chiefs of information forum to help contractors improve their information assurance practices. The command’s acquisition directorate stood up a commercial executive advisory board to educate commercial vendors about the cyber threat, and changed language in TRANSCOM contracts to hold contractors to specific standards in protecting their data systems.
TRANSCOM also is considering creating a secure network for non-DOD contractors to use for communications concerning command missions.
Contractors, recognizing their own vulnerability, are anxious to strengthen their cyber defenses, Hume said.
“This is a two-way street in that adversaries attempting to leverage access to (contractors’) networks to gain access to U.S. government data also enables them to gain access to their own corporate data and, theoretically, undermine their business models,” he said.
Johnson emphasized the fine line between espionage and a cyber-attack.
“If I break into your system and see what you are doing, it is only one more keystroke to disrupt what you are doing, because I am already into your network,” he said. “People don’t understand that once they are in there spying, it is exceptionally easy to change what they are doing and attack. It is just a matter of intent.
“And that is something we are cognizant of every day here at TRANSCOM,” Johnson continued. “It’s a recognition that guides everything the JCC does.”