DISA Targeted to Tackle Network Defense Role
The U.S. Defense Department integrates cyber operations and defense.
The U.S. Defense Information Systems Agency is being tasked with an operational role in the cyber domain, namely network defense. The new role creates a formal relationship between the agency, U.S. Cyber Command and the military services; integrates network operations and defense; and should ultimately improve security.
Adm. Michael Rogers, USN, who leads both the U.S. Cyber Command and the National Security Agency, began promoting the plan months ago. The Defense Information Systems Agency (DISA) primarily has been a technical and acquisition organization, but it also operates segments of the department’s network infrastructure. “We need to integrate operations of the networks and our defensive workforce into one team. You are more effective in both operating a network and defending a network when you do it with one integrated approach,” Adm. Rogers says. He adds that network operation skills and network defense skills enhance each other.
“As a result of that, we decided we needed to create a relationship between U.S. Cyber Command and DISA,” he explains.
The various players have been hammering out an agreement for months to define exactly how that relationship will work. Those players include Terry Halvorsen, the Defense Department’s acting chief information officer, and Lt. Gen. Ronnie Hawkins, USAF, DISA director. “I’ve been working with DISA, the services, the combatant commanders and the department, particularly the chief information officer,” Adm. Rogers reports. “I’ve sat with Gen. Hawkins and said what we need to do is create an operational construct that creates a direct linkage between U.S. Cyber Command, DISA and the U.S. Cyber Command service components.”
The agreement will create a Joint Force Headquarters for Department of Defense Information Networks, which will be referred to as JFHQ-DoDIN. “That is a function that we will assign to DISA to execute, and then we’ll partner as we move forward. And DISA in turn will have a command relationship with our service components. Part of the challenge is that our networks are largely constructed along service lines. Every service runs its own network,” he says.
Speaking at DISA’s Forecast to Industry Day, Fort Meade, Maryland, in August, Mark Orndorff, the agency’s program executive officer for mission assurance, said the reorganization aims to centralize defense policies and shore up vulnerable “seams in the defense approach that don’t make any sense from a cyberdefense perspective.” He added that the seams provide adversaries an opportunity to walk through undetected.
“The plan is not to say DISA is going to take over,” Orndorff said at the event. “I think it’s more that DISA will be working with the services, providing the infrastructure to enable each of us to more effectively do our own cyber responsibilities.”
The inherent inefficiencies in the current arrangement have bothered Adm. Rogers for a long time, he indicates. “In my previous life, where I was the Navy’s Fleet Cyber Command commander, I was responsible for my service’s networks. And I never understood why every service pays to operate and maintain a global network backbone. Why don’t we have one integrated global backbone, and then each service focuses on the connections between that global backbone and their tactical users? Why are we spending manpower, time, effort and money to replicate capability across four services? It makes no sense to me. And quite frankly, when I look at the future, I don’t think it’s a financial model that we can sustain,” he contends.
The Joint Information Environment (JIE) is a critical part of the future vision. “Our operational vision, a global joint backbone, does not reflect the reality of the network structure today. That’s why JIE, to me, is so important. That’s the path we will use to achieve that global joint backbone that’s common across all the services and across all the geographic regions and the combatant commanders,” the admiral states.
He reports that key players are on board with the plan, but the shift will not necessarily be easy. “Clearly, there are challenges. We’ve got to change the network construct to achieve the operational vision for the future. Any time you change something as significant as the network backbone of the department, you’re talking about challenges in money, you’re talking about challenges in design and architecture, and perhaps most important of all, you’re talking about changes in culture,” he acknowledges. “I see great buy-in from DISA; I see great buy-in from the services; I see great buy-in from the department’s leadership. It just all takes more time than you would like.”
During the DISA industry forecast, Gen. Hawkins also acknowledged that the reorganization will not be quick. “Any organization that has gone through this dramatic of a change, it takes time, and we understand that,” Gen. Hawkins said at the event. “We believe we are on the right track in getting this done. We know we’ll have some bumps in the road, and we’ll fix that.”
The admiral envisions a cyberforce on par with other warfighters. “We’ve done a good job of articulating our force structure needs and the broad operational vision that we need to execute in order to maximize the effectiveness of those capabilities that we’re creating. I want to generate that capability and bring it to a level where it’s every bit as trained and ready as any carrier strike group that’s over in the Central Command area of responsibility, as any brigade combat team on the ground in Afghanistan,” he asserts.
Making that vision a reality requires greater network situational awareness than the department currently possesses. “I’d like to make sure we have the tools in place to really have true situational awareness of just what is going on in our networks,” Adm. Rogers says.
He explains that it is difficult to defend something that cannot be visualized. “As an operational commander, I am used to walking into a command center, looking at a visual depiction that—through symbology, color and geography—enables me to very quickly come to a sense of what’s happening in this space and what decisions that I as a commander need to be making. We are not there yet in the cyber arena.” And getting there is essential to providing the speed, flexibility and mission effectiveness needed, he adds.
Simply defining what knowledge is critical for cyberwarriors presents a challenge. “We’ve got to create a system that you can tailor to the needs of the commander because it’s not just about U.S. Cyber Command having situational awareness of what is going on within the network domain. It is about the department and its subordinate elements having awareness of what’s going on,” Adm. Rogers says.
Maj. Gen. Alan Lynn, USA, DISA vice director, told the industry day audience that the individual services can aid departmentwide situational awareness by sharing data feeds on attacks. “Let’s say they have attack vectors coming toward them. They all can see those individually. Where we have greater impact is if we could see the total picture of the attack so that we can do the large data analytics. If we have an attack on one, we would already know, especially with something new,” Gen. Lynn said at the DISA event. “We’d know what that was so we could spread the word to all of the other services.”
The military services are working on cyber situational awareness solutions, as is the Defense Advanced Research Projects Agency (DARPA) with its Plan X program, Adm. Rogers notes. Plan X seeks to build an end-to-end system that enables the military to understand, plan and manage cyberwarfare in real-time, large-scale and dynamic network environments.
“I’m interested in something in cyber that is very consistent with the approach we’ve used in the other domains because one of our concerns—in Cyber Command, in particular—has been to come up with methodologies that complement what is going on in the other warfighting environments out there,” Adm. Rogers says. “We cannot sit here and tell ourselves that cyber is so special, so different, so unique that everything we do has got to be different.”
Cyber has its differences—no geographical boundaries, for example—but it also has many of the same traditional elements as other domains, he explains, suggesting the network defense forces need to “maximize the ability to use terminology, tactics, techniques and procedures that are understood by others,” and then ask what they need that is different. Like other warfighters, network warriors need to know if a particular action has succeeded, and if not, what the next set of actions needs to be, he offers.
Adm. Rogers compares the importance of the cyber mission in future wars to logistics. “I think one of the experiences that we’re going to see in the 21st century is, as an operational commander, regardless of your mission, you need to have a sense of what is going on in your networks, where you’re taking risks and the impact of that network structure and its activities on your ability to execute your mission,” he says. “To me, cyber is very, very foundational to the future.”
Sandra Jontz, director of content development and executive editor, contributed to this report.