A new facility for cybersecurity is allowing U.S. Forces Korea to coordinate efforts with other U.S. commands as well as Republic of Korea civilian government and military forces. The Joint Cyber Center serves as the focal point for increasing international cooperation between U.S. and Korean forces in their defensive measures against increasing cyber aggression from North Korea. It blends activities from the local J-2, J-3 and J-6 along with input from other forces worldwide.
The cyber center coordinates through its headquarters and partners with its counterparts at the U.S. Pacific Command (PACOM). Through PACOM, the center works with the U.S. Cyber Command (CYBERCOM). Any direction the center receives from CYBERCOM would come through PACOM.
Col. Karlton D. Johnson, USAF, is the U.S. Forces Korea J-6 and senior communicator for U.S. forces in Korea. He says what is unique about this cyber center is its partnership with the Republic of Korea. Col. Johnson notes that, in March and June of 2012, cyber attacks hit the Korean national infrastructure and its banking sector. U.S. forces viewed the threat across the board to ensure they were defended, and it coordinated with Korean partners through the Joint Cyber Center (JCC).
The colonel emphasizes that the two countries do not share locations at the cyber center. They “share what is shareable” through their bilateral cooperation protocols. Earlier this year, Korean and U.S. forces held the first bilateral cyber tabletop exercise, in which the U.S. Forces Korea J-6 served as the synchronizing agent with Korean government and military agencies.
Col. Johnson continues that he has “an outstanding working relationship” with the commander of the Korean cyber command as well as with the Korean Joint Chiefs of Staff J-6 and the Korean Ministry of National Defense. All are focused on broad cyberdefense because Korea has been on the front lines of cyber, he notes.
The JCC depends on its partnerships for vital information in the broader cyber realm. While it focuses on the Korean peninsula, the center also relies on input from other locations and organizations to generate an accurate cyber picture. These other organizations also may provide support if necessary, the colonel points out.
If the JCC detects a perceived threat to an infosphere other than that of U.S. Forces Korea—such as the Korean commercial or civilian infostructure—it would alert its appropriate partner. “If we see something that is untoward … who does what is important,” the colonel states. “There are things that we would not have the jurisdiction to do, but it would fall in theirs [partners’] to take action.
“If there’s something that we noticed, then I would share that information with my partners, and let them run with it as they saw fit,” he summarizes.
The JCC takes the approach that cyberdefense is more than just countering digital marauders when and where they strike. “As cyber has become more operationalized, it’s a new game,” Col. Johnson states. “And, you have the same issues that others have in terms of bringing in the right types of people, getting the right types of capabilities in place. The difference here … is that we are on the front lines here [in Korea]. So, we have more of a sense of urgency behind getting things right—not just for the United States, but also working with our partners for regional security.”
As part of this operationalization effort, the JCC continues to improve how it shares with its partners. The center has benefitted from joint exercises, and those benefits should continue to strengthen over the next couple of years, Col. Johnson says.
The cyber center coordinates with theater forces such as the Army G-6 (SIGNAL Magazine, November 2013, page 26, “Korean Military Networks …”). The Joint Network Control Center and the 1st Signal Brigade, which provides much of the unclassified theater capabilities, offer the cyber center the ability to synchronize cyber efforts.
For example, the 1st Signal Brigade manages the Army’s unclassified network. But, if the cyber center observes an activity with that network, the brigade command will collaborate with the cyber center on potential measures, which would be funneled up the chain of command as needed.
The center achieved initial operational capability in February 2013. It should reach full operational capability within a year, the colonel estimates. The command has been building the capability since 2011.
The center had its origins in a desire by the command for a capability with improved fidelity both for internal defenses and for the overall cyber environment. This entailed what the colonel describes as a radical approach: examining the functions of the J-2, the J-3 and the J-6, and then merging those functions into the new center.
“When you look at cyber as a new domain—and we are looking at cyber as an operational piece—you have to have a J-3 element involved with that,” Col. Johnson says. The J-6 is at the center of cyber, and the intelligence aspect is necessary to know what adversaries are doing. The JCC allows the command to fuse those into a single organization that provides the full range of capabilities needed for cyberdefense amid operations.
The colonel relates that cyber only recently was added to the various annual exercises conducted on the Korean peninsula. When J-6 planners began to add cyber to these exercises, they brought the J-2 and J-3 into the effort. What they learned from the exercises, they sought to operationalize in theater.
The new Joint Information Environment (JIE) will enable greater homogeneity sooner rather than later, Col. Johnson offers. This will help cybersecurity efforts across the Defense Department. “The more you can flatten your cyber terrain makes it easier to defend that terrain,” he points out. Similarly, an individual’s security expertise will transfer from one command to another without requiring new training. “You will get the same [security] effects across the entire enterprise,” he says.
The JCC is involved with JIE discussions, the colonel notes. “We’re finding new ways to get this right up front. As JIE evolves, the JCC will involve [itself] and adjust to leverage those capabilities you get out of JIE—and become more effective.
“Making sure we continue to lock the JCC in with the JIE effort is going to be paramount,” he continues. “When you have various networks, and you expand what you have to defend, it becomes untenable at some point. That [JIE] effort is going to make us better; and if we can accelerate those JIE initiatives where we can, then we can get closer to the goal sooner rather than later,” he offers.
“On a daily basis, we have to make sure that we are seeing what is seeable and having a good feel for what is going on around us,” Col. Johnson says. “Just like in any operation, you have to ‘have your ears on’ and ensure that, when things just don’t seem right, you don’t hand wave and obviate.
“A lot of it is thinking ahead,” he continues. “It’s not just important to look at what is happening today. You have to have a good understanding of what you think is going to happen down the road, and then take a good look at how your capabilities are stacking up.”
The JCC continues to move toward full operational capability. Col. Johnson allows that the center is institutionalizing policies and procedures for the long term—“all the things that go into locking down a capability.
“It’s good to start out with something that’s a good idea, and that good idea transitions into a great capability,” he says. “Now you have to be able to sustain that for the long term, and there is still work to be done. Still, we’re making great progress in that area. Being able to lock that down with the manning and resourcing for the duration makes that an enduring capability,” he declares.
As with many specialties, efforts focus on people, processes and technology, the colonel continues. “You always have the challenge that every network defender, every network provider has,” he points out. “You can set up 27,000 gates, and all it takes is for one person to lose their key and then you have a challenge.”