When a U.S. federal jury convicted Noshir Gowadia of spying for the People's Republic of China in August, it marked a victory for several U.S. investigative agencies. During their evidence gathering, these groups were supported by three years of assistance from another organization—the U.S. Department of Defense Cyber Crime Center (DC3). Comprising the Defense Industrial Base Collaborative Information Sharing Environment (DCISE), Department of Defense Cyber Crime Institute, Defense Cyber Investigations Training Academy, National Cyber Investigative Joint Task Force Analytic Group and the Department of Defense Computer Forensics Laboratory, the military center has a special focus on computer forensics to assist its various customers and clients.
Steven Shirley, executive director of DC3, explains that his people focus on helping Defense Department law enforcement, counterterrorism and counterintelligence personnel as well as network defenders with digital forensics issues. As it has grown since its inception in 1998, the center also has developed initiatives to enhance these capabilities. In 2005, DC3 released the National Repository for Digital Forensics Intelligence, which now connects approximately 600 law enforcement organizations that have some level of digital forensics expertise. Shirley says the goal is to share best practices and tools among the various groups.
The center also runs the annual Digital Forensics Challenge. The effort aims to develop new tools, techniques and methodologies resolve issues and establish relationships within the digital forensics community. In its day-to-day operations, DC3 supports investigative organizations and does some of its own investigating through DCISE, which is the focal point and clearinghouse for referrals of intrusion events on the defense industrial base unclassified corporate networks. Much of the center’s work involves responding to clients who have intrusions from external sources. "Those are incessant," Shirley says.
Through the various facets of its operations, DC3 responds to internal and external threats, both of which pose dangers to military operations. "There is a great deal of discussion today about insider threats and how those can be very significant concerns for any organization running a network whether it is in industry or whether it is in government," Shirley explains. He adds, "I think from where I stand ... there's substantial cause to be awfully concerned about external threats to our networks."
Every breach of networks in the United States is a violation of U.S. Code Title 18 Section 1030. "That's a nexus for action for a law enforcement organization to look at any intrusion within their jurisdiction," Shirley explains. In the military, that could mean the Air Force Office of Special Investigation, Naval Criminal Investigative Service or the Army Criminal Investigative Division. "Those guys constitute our frequent fliers, if you will, our main clients from that [investigative] standpoint," Shirley says. His office assists in military network defense along with organizations such as the Joint Task Force Global Network Operations. "We're coming at it from a slightly different point on the compass but with very complementary kinds of effects," he states.
Despite all the emphasis and attention placed on security, Shirley believes many in the military would be surprised to learn the scope of network threats. He explains that so many devices are used every day that people forget that they connect to the network and pose, or are exposed to, hazards. "In a sense, the earth has shifted under our feet without us recognizing it," he says. Because of the rapid integration of network technologies into society, information assurance practices can be left undone, opening an aperture for enemies looking to exploit weaknesses.
October is National Cybersecurity Awareness Month. For more information about protecting your networks, visit the National Cyber Security Alliance's www.staysafeonline.org website.