Network Center Ensures Security

August 2005
By Robert K. Ackerman
E-mail About the Author

The U.S. Army Network Operations and Security Center (ANOSC) is co-located with the Army Computer Emergency Response Team (ACERT) to help ensure network security. Also located in the Fort Belvoir, Virginia, facility are task force operations and computer network operations intelligence.
Keeping ahead of cyberfoes remains the key to protecting information technology assets.

New technologies, better hackers and an increased demand for network services have shifted the focus of the U.S. Army Network Operations and Security Center. The center is standardizing individual security measures globally as it strives to stay one step ahead of cyberspace adversaries.

Many of the new information technologies that are introduced rapidly into the force create their own security challenges, and the time frame for responding to security incidents is much shorter than it was just a few years ago. The center is moving solutions and methodologies quickly into the field. It is working on new approaches to network operations and aims to introduce them across the U.S. Defense Department.

“Given the capabilities of the threat, we as an Army do a pretty good job of operating and defending our networks,” contends Col. Kenneth R. Harrison, USA, former director of the Army Network Operations and Security Center (ANOSC) at Fort Belvoir, Virginia. “It’s a pretty tough business, and it’s unforgiving.

“As we move to better technology and more solutions, the threat moves and changes with us. Our ability to counteract is pretty good, and we’re getting better—we’re learning more and more each day.”

The ANOSC is a part of the Army Network Enterprise Technology Command, or NETCOM, based at Fort Huachuca, Arizona. NETCOM is tasked with operating, managing and defending the Army’s enterprise-level infrastructure. The ANOSC focuses on those tasks for the Army’s portion of the Global Information Grid, or GIG. It also provides situational awareness for network operations to Army and NETCOM leadership.

Col. Harrison relates that the ANOSC is combatant-commander-centric in the Army. Where combatant commanders have areas of responsibility throughout the world, the ANOSC provides signals support to each theater. It collects and manages signals command and control and networks operations functions throughout these theaters.

The ANOSC is co-located at Fort Belvoir with the Army’s Computer Emergency Response Team, or ACERT. The ACERT serves as tactical control to the ANOSC for day-to-day network defense, the colonel explains. It provides direction without command and serves as a link to the ANOSC for computer network defense.

The ANOSC watches for major outages in large systems such as the Defense Switched Network or the two Internet protocol router networks. The ANOSC monitors as well as maintains those systems for the Army and notifies leadership immediately in the event of an outage. This becomes even more vital in a theater of combat or when a location is isolated, the colonel relates.

Another ANOSC responsibility is information assurance vulnerability alerts, or IAVAs. Whenever a network vulnerability has been discovered by either software providers or cybermarauders, the ANOSC publishes alerts globally through a Web site that gives users instructions to ameliorate the vulnerability.

The ANOSC faces a big security challenge because cyberspace adversaries have access to the same technologies that Army defenders do, Col. Harrison observes. “As we get more sophisticated in our defenses, so do they in their attacks,” he says. “It takes a big effort to ensure that we stay one step ahead of them and are protecting our networks.”

The threat from cyberspace is changing tactics, techniques and procedures, the colonel continues. Whenever the Army initiates a response to an intrusion or to an attack, adversaries react accordingly. “They’re paying attention, and they always go for the most vulnerable—soft—targets.”

Another challenge facing the ANOSC is to ensure that Army network users are educated so that they do not make it easy for cyberspace adversaries to gain access and entrance to networks, the colonel adds. Commanders now are focusing on the network operations information assurance/computer network defense (IA/CND) arena. As a result, commanders are holding users accountable for lapses in judgment or security that threaten the integrity of the network.

“The way we operate and defend our networks is changing drastically,” the colonel suggests. “Combatant commanders throughout CONUS [the continental United States] are very serious about their information security and protecting their networks.”

Ironically, personnel in overseas theaters have tended to take network security more seriously than those in CONUS, Col. Harrison states. These overseas personnel may be more security conscious because they are not in the comfortable environment of their home country, and as a result they are more thorough in their application of security measures. “You have a tendency to feel a little safer when you are within CONUS, and that probably is a bad assumption,” he offers. “CONUS is just as vulnerable—if not more vulnerable—in its networks than an overseas location that may be [physically] closer to the enemy in the global war on terrorism.

“This is a virtual war.”

The time that the ANOSC has to react to an attack on Army networks has shrunk considerably. Until recently, the ANOSC would have days or even weeks to deal with malicious activity on its networks. Now, the colonel offers, it has only minutes.

A communications specialist with the 3rd Infantry Division installs Internet cable in a U.S. Army facility in Iraq. Greater use of Internet services on networks has increased the need for immediate response to security breaches and outages.
One weapon to fight that challenge is a secure configuration remediation patch management system. It will allow experts to patch computers from a remote location. This system, Citadel’s Hercules, is used across the Defense Department. It is undergoing final testing and will save considerable time and money, the colonel states. “It can’t come to the field fast enough,” he emphasizes. “Our biggest challenge in security is knowing that there is a vulnerability out there and almost being at the mercy of systems administrators to physically put their hands on a box to patch it.”

The wars in Afghanistan and Iraq have altered the ANOSC’s mission as they have for much of the rest of the military. However, the ANOSC has been affected mostly by the importance of battlespace network situational awareness. Whenever a network event takes place, an outage occurs or a vulnerability appears, it generates a greater sense of urgency to solve the problem than it would have before the two wars, the colonel relates. In many cases this may require calling a commercial provider to help remedy the situation in theater. The ANOSC helps coordinate the necessary measures, he adds.

Another challenge facing the ANOSC is the proliferation of applications and stovepiped systems. To remedy these problems, the center has created Task Force NetOps, which is an initiative undertaken by Dr. Michael Gentry, the senior technical director of NETCOM. A team that he heads writes the architecture, the concept of operations and the requirements for network activities. For example, this team outlines router element management to address the different types of routers throughout the Army. Instead of specifying which element manager to choose, the initiative outlines all of the functions that must be performed by the manager. “Whenever someone purchases an application tool, we already have the documentation written—the architecture, the concept of operations and requirements—so whatever you buy will meet that documentation, and it will be interoperable,” Col. Harrison says.

The ANOSC is looking to extend this approach across the Defense Department. Some elements, such as routers or firewalls, are vendor-specific and must be managed with that vendor’s software. A firewall element enterprise solution is the next priority for this initiative. Other items on the wish list include common enterprise systems management, network intrusion prevention and backup and recovery.

With all the new information technology systems being planned or in the acquisition pipeline, the biggest task facing the ANOSC is to ensure that security is not an afterthought in those systems, Col. Harrison maintains. The security of those systems must be taken into account before they are introduced into the network. Security used to be more of an afterthought, he observes. But now, especially with wireless technologies (SIGNAL, July 2005, page 17), that attitude is changing. “With wireless, you’re into a whole new cyberworld,” he says. “We have some very smart people developing these systems, and they must use the most sophisticated hacker tools they can get to try to penetrate those systems before they can allow them to be introduced into our network.”

The ANOSC has become more synchronized with the joint community—the U.S. Strategic Command’s Joint Task Force-Global Network Operations (JTF-GNO)—than ever before, the colonel states. The result is better collaboration on virtually a daily basis, which has led to better unity of effort. This applies to other Defense Department entities and nondefense agencies. The GIG has been a big driver of this jointness, he says.

The Army G-3 has issued an information assurance executive order to help develop an assessment of the service’s information assurance posture. This includes certification, training and accountability, but it may take a few months for the Army to comply with some directives as many personnel are deployed in Southwest Asia.

A key is to standardize activities globally. Therefore, the ANOSC has produced an operations order for classified network operations to issue tactics, techniques and procedures for various roles and responsibilities around the world. The goal is to ensure that all theaters are “on the same sheet of music” for all aspects of network operations.

One of the areas that this operations order covers is reporting. The colonel explains that one theater might report an outage in a time frame that would be very different from the one in another theater. An individual moving to a new theater might not realize that the old theater’s standards of incident reporting do not apply to the new theater, and this difference might have considerable consequences.

So, the ANOSC is striving to ensure that all theaters report outages and other events to identical standards so that reporting thresholds are synchronized across the globe. This is especially vital for tactical units where people moving from one theater to another need not learn new procedures or standards. The next step is to extend this Army-wide standardization throughout the joint community at the joint task force level. “We are not there yet, but we are going to get there,” he warrants.

The center also has been participating in computer network defense exercises at the JTF-GNO level, Col. Harrison relates. The center wants to conduct these at the Army level, but they tend to be very planning-intensive. “These are invaluable in preparing us for the next network operations battle,” he says. “If we ever have to conduct some type of mitigation or defense of a network, those exercises prove to be highly beneficial.”


Web Resources
Citadel Hercules:


Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.