The recent success of network-centric warriors in operation Enduring Freedom has shined the spotlight on information operations. News reports are flush with stories of how allied forces employed information for precise real-time targeting of enemy assets. The results of these operations stand in testimony to their effectiveness: a brutal totalitarian dictatorship overthrown and its terrorist cohorts routed from their places of sanctuary.
Make no mistake—a strong offensive capability that is advertised to potential adversaries is a strong deterrent. But deterrence alone is not enough to forestall all attacks from determined terrorists who, like the members of Osama bin Laden’s doomsday cult that crashed passenger-filled jetliners into populated buildings, have little regard for the human cost of their operations. The network-centric Free World must expect that its information systems will be considered the soft underbelly of civilization. Accordingly, the hope brought by successful offensive information operations must be tempered by the realization that defensive information operations are just as vital to winning the war on terrorism. And, that home front may be the key battleground for these defensive measures.
The United States has recognized that its dependence on information technology makes it more vulnerable to attack than any other nation. As Americans view the importance of global and homeland security, it is clear that protection of information has become key to safeguarding the nation’s underlying financial, energy, defense and civil government bases. The nation’s vital infrastructure, both civilian and military, is a tempting multifaceted target to malevolent cybernauts.
Two years before the September 11 attacks, the U.S. Defense Department recognized that protecting the defense information infrastructure was key to the success of military operations. Based on that recognition, two major events ensued. The first was the establishment of the Joint Task Force-Computer Network Defense (JTF-CND) at the Defense Information Systems Agency. The second event was the assignment of computer network defense for the defense information infrastructure to the commander in chief, U.S. Space Command (USCINCSPACE). One year later, USCINCSPACE also received the mission of computer network attack (CNA). During that same period, the JTF began to report directly to USCINCSPACE. The next step was to combine CND and CNA under the JTF as computer network operations. This evolution illustrates how the protection of the defense information infrastructure was viewed as a warfare area critical to national defense—well before September 11, 2001.
Industry also has been making investments to protect the information infrastructure that is so essential to the country’s financial system, power grid, civil government operations and transportation systems.
Now is the time for the Defense Department and industry to form a strong partnership to protect information as a national asset. Making this happen will not be a matter of simply introducing government to industry and vice versa. Cultural differences between the defense community and the private sector must be overcome for the success of this vital endeavor.
For example, the two sectors take a vastly different approach to dealing with information system shortfalls, and reconciling those differences will require a cultural change. The Defense Department receives funding by identifying shortfalls in meeting requirements, and then justifying additional money from Congress on the basis of these deficiencies. Industry, on the other hand, does not boost revenue by publicizing its technology shortfalls. Instead, a company will take its network down for routine service each month to install patches or other buffers. When the Defense Department and industry partner, these two cultures clash.
However, to be successful, there is no alternative to this government/industry partnership. Both sides must work together if they are to prevail in this first war of the new millennium.
While the first priority for both the Defense Department and industry is to protect the network, a related effort must focus on exchanging methods and technologies. The current trend is for the defense community to turn to private industry for the latest in information technology. However, the military has accrued valuable knowledge and methodologies in defensive information operations. The Defense Department and industry must establish a mechanism to allow military investments in network protection to be transferred to the private sector. Just as remote sensing technology originally developed for the government now is fueling a boom in commercial satellite imagery, so too can commercial firms apply defense information assurance measures—to everyone’s benefit.
With its position as the association of choice for information technology professionals, AFCEA International finds itself at the heart of all these information technology activities. This year, TechNet International will bring together leading authorities to discuss these challenges and review the progress we have made in policy, procedures and technology to protect our networks. AFCEA International will continue to focus Washington, D.C.-area events on global and homeland security for the foreseeable future. Because we have more to lose than any other nation in the world, job one must be the protection of our information infrastructure.