Front line of computer network defense
The U.S. Army is pushing to ensure that the people in charge of the latest tools in warfare are up to date in defending its information and computer networks. Personnel who are key to the service’s transformation and its move to digitizing the force are being trained to install, configure, operate and maintain the latest communications systems and are learning to identify evolving threats to these systems.
An initiative is underway to revamp the way the Army trains its communications personnel. The Signal Regiment at Fort Gordon, Georgia, recently announced plans to change its approach from one that provides an overview of a multitude of systems to one that is more assignment-oriented and subsequently facilitates lifelong learning (SIGNAL, October, page 47). One essential element of this continuous education is a practice that already is established at Fort Gordon’s School of Information Technology (SIT). It involves drawing on instructor and student expertise as well as industry paradigms.
Col. Bernard E. Kulifay Jr., USA, director of the school, relates that the military is a reflection of a society that, as a whole, has become network-centric. One consequence of this phenomenon, however, is an increasing need for information assurance and protection. “You can imagine that people who are very, very savvy can get access to information that really needs to be protected. This need has grown exponentially over the last decade. As we’ve learned how to use information technology, hand in hand with that comes the requirement to secure that information. The more computers we add to a network, the more vulnerabilities that are created,” Col. Kulifay offers.
The school not only keeps students abreast of the latest threats to information systems and how to defend against them but also provides students with prompt updates on U.S. Defense Department directives and policies.
SIT will contribute to the university-learning approach being introduced this fall, the colonel relates. The concept includes developing a resource center of information that soldiers can draw on when they need to prepare to move to another unit, review lessons they may have learned years before or become familiar with new technologies, procedures and policies.
“SIT will provide distance learning and programs of instruction or curricula that other institutions would download and then teach on site. Everyone would contribute, not just SIT. This is a revolution in education that is happening across the country. Many things that we do are reflections of business practices,” Col. Kulifay observes.
In his leadership at SIT, the colonel takes a serious look at commercial training facilities and in a positive manner views them as competitors. “We have to provide the same quality of instruction [as the private firms]. In order to do that, we have to have instructors who are prepared,” he says.
Excellence in teaching, the colonel maintains, involves two elements. First, teachers themselves must take classes to obtain certification in systems such as Microsoft NT. Classroom learning, however, is only one part of providing outstanding trainers. “Certifications are great, but experience is also key to keeping up with the pace of change,” he adds. To this end, the school encourages its instructors to stay abreast of current trends by listening to their students and conducting research on the Internet.
Nowhere is the need to keep up with the pace of change more critical than in the information assurance realm. The importance of information to the future Army is its role as a crucial combat enabler, the colonel explains. “We have to train our people on how to protect the information and detect if someone is trying to manipulate it or deny availability and then have some way to react,” he says.
Maj. Mark V. Hoyt, USA, chief, information assurance training at SIT, explains that the school is addressing the mounting requirement for information security with courses that are relevant to the amount of experience a soldier has accumulated.
The information assurance security officers’ course is entirely Web-based and aimed at system administrators or network managers with fewer than three years of experience. It includes information about the rules, regulations and accreditation of information technology systems, and general security policies.
Students can complete the course in 20 to 40 hours. Once they pass the final examination, which also is taken online, they receive a certificate. More than 6,000 personnel have completed this course since its inception in 1999.
For information technology professionals with more experience, the school offers its system administrator/network manager security (SA/NMS) course.
The 10-day SA/NMS lesson is integrated into several other classes taught at SIT, including the basic noncommissioned officer course, the advanced noncommissioned officer course, the warrant officer basic and advanced courses, the information systems management course, and the functional course offered for civilian government personnel, soldiers and contractors. Approximately 1,000 people are trained in these courses in about 60 classes each year.
Maj. Hoyt explains that the SA/NMS curriculum originated at Fort Gordon in 1998; however, an increase in the number of system administrators and network managers who needed information assurance training prompted the director of information systems for command, control, communications and computers (DISC4) to fund and field several mirror sites.
“All mirror sites had to pass a certification process by first having their instructors come to Fort Gordon for four weeks to take and teach the course while being monitored by another certified instructor. Then they had to build their computer laboratory to the Fort Gordon standard and pass an on-site inspection by SIT’s chief of information assurance training from Fort Gordon,” Maj. Hoyt relates. The mirror sites are required to teach the same material that is taught at Fort Gordon, he adds. Today, the SA/NMS course is offered at 10 locations worldwide, including Korea and Hawaii.
The major adds that during the class students take part in hands-on training. After some instruction, they are assigned to computers and must secure the system by using the techniques they have learned in class. This is an effective teaching tool, Maj. Hoyt notes, because they can make mistakes in the classroom without crashing a system that is part of ongoing operations.
As a result of the training, students better understand and have practical experience with firewalls, router access control lists, intrusion detection systems, cryptography, legal issues, and proper Army reporting procedures and incident handling, the major says. Because the course is only two weeks in duration, Maj. Hoyt explains it is difficult to cover all of the necessary material. To address this challenge, students receive two security checklists for Windows NT and UNIX systems and a compact disc that includes additional resources about regulations, security checklists and classroom material.
To keep the class material current, the courses are updated or changed quarterly with revisions based on security incidents, student feedback and instructor involvement. “Instructors are very active in going out on the Web and finding out about the threats that are out there,” the major explains.
While hacker methods are shared with the students, trainees are not taught how to break into a system. Maj. Hoyt points out that individual hackers may use only about 10 different methods to break into a system, but system administrators and network managers must be aware of as many of the techniques as possible.
Since its inception, more than 4,000 personnel have been trained in the SA/NMS course. “According to several people in [the Office of] the DISC4, this course has had a major impact on aiding in the computer network defense of Army networks and information systems,” Maj. Hoyt relates.
The importance of information security continues to grow as data becomes a more valuable tool on the battlefield, the major maintains. “The primary two issues [in the tactical realm] are preventing unauthorized access to our systems and preventing denial of service attacks against our systems while allowing for fast and reliable data communication. The Army needs to have confidential information flow—encrypted—that is readily available to give Army commanders on the ground all available information in a timely manner. This allows commanders to make sound decisions and win engagements,” he states.
While the major contends that there are literally hundreds of information security problems today, some of the key issues are information technology security policies that are insufficient and not enforced, poor patching of operating systems, inadequate physical security of computer systems, poor passwords and a lack of encryption mechanisms.
The use of encryption to keep data confidential will likely increase in the future, Maj. Hoyt opines. “Eventually everyone in the Army will encrypt most if not all information transferred over the Army’s networks,” he states. The service also may begin to replace passwords with biometric technology and may further isolate its networks from the Internet to secure its systems, he adds.
As information sharing moves down to the individual soldier level through the use of wireless devices, one of the largest threats to information sharing becomes denial of service attacks, Maj. Hoyt observes. “Information is protected with encryption that is very hard to break, so the biggest problem is jamming. On a dispersed battlefield, if you can’t reach someone, you can’t command them,” the major states. Although security is a large problem in a battlespace environment, bandwidth is a bigger challenge, he observes.
The major describes two other substantial threats to information assurance: insiders who already have access to information technology systems and intruders who have access to adequate resources. The best way to counter insider attacks is through encryption, he says.
Although available software helps system administrators monitor the networks, a need exists for programs that can better analyze the data. Developing software that can sift through the information more efficiently and automatically would support the protection of information by allowing system administrators to focus on and react to threats, Maj. Hoyt relates.