Historic Cyber Unit Begins Daily Action

March 2012
By George I. Seffers, SIGNAL Magazine
E-mail About the Author


Soldiers from the 780th Military Intelligence Brigade, the service’s first brigade with a network operations mission, receive cyber training.

The Army activates its first cyber brigade.

Personnel from the U.S. Army’s 780th Military Intelligence Brigade—the service’s first-ever cyber brigade—already are assisting in securing the U.S. Defense Department’s networks against cyber attacks, although the brigade will not be fully operational until fiscal year 2015. The unit officially was activated on December 1, but preparation for the group has been in the works for years.

The brigade has had a contingent in the combat theater for months, reports Col. John Sweet, USA, who is the commander. “We have an expeditionary cyber capability to assist Army units in defense of their networks. We have a team that is forward deployed right now in Afghanistan. They go forward to help the brigade combat team secure their networks,” the colonel explains, adding that the expeditionary cyber capability is mission-oriented so that forward-deployed network security contingents can be tailored to each specific mission, whether supporting a brigade combat team or a division.

The organization’s mission is to conduct signals intelligence and computer network operations. The task includes supporting U.S. forces by enabling a dynamic computer network defense and, when directed, conducting offensive operations. The goal is to ensure U.S. forces can operate freely in the cyber domain while preventing adversaries from doing the same. “We improve security every day in the conduct of our mission, working on the protection of the Department of Defense networks,” Col. Sweet explains. “We have successes every day as far as operations in the domain.”

The unique cyber fighting force adds to the Army’s network operations arsenal and will face what military officials describe as a growing and persistent threat of a network invasion. “It’s a very complex threat—pervasive, evolving, highly intelligent, very adaptive to our countermeasures,” Col. Sweet says. “It ranges from nation-states to non-nation-state actors, criminal elements and individual hackers. Motivations and goals range from the challenge of getting into a network to ideological goals to financial gain, including gathering information and intelligence to support foreign national interests. It’s a wide and varied threat we have to defend against.”

That threat, according to Col. Sweet and other Defense Department officials, includes an average of 250,000 probes per hour on its 15,000 networks and more than 7 million computing devices. “That comes out to about 6 million times a day that someone is trying to get into our networks,” the colonel contends. In addition, cyber threats continue to grow in scope and severity on a daily basis, defense officials warn, with more than 60,000 new malicious software programs or variations identified every day.

The commander cites the ever-evolving threat as one challenge the new unit faces. “If there’s anything that keeps me awake at night, it’s the technology and how fast our adversaries evolve and the techniques they’re using to try to get into our networks—and keeping up with that amount of information,” he says.

Army Cyber History

1998: 704th Military Intelligence (MI)
Brigade tasked to develop a computer network operations force for the Army.

2000: Detachment Meade, 742nd MI Battalion established.

2007: Detachment Meade renamed
Army Network Warfare Battalion.

2009: Army Network Warfare Battalion officially activated as the 744th MI Battalion (Army Network Warfare Battalion).

2010: Army approved establishment of
Army Cyber Brigade and designated the 780th MI Brigade to fulfill the mission.

Still in the early stages of growing the unit, he has more mundane worries though, including staffing the brigade, constructing buildings for the personnel, training the work force and retaining the work force once it is trained. “Our work force is a mix of civilian and military, so we’re actively recruiting a civilian work force to come in and work for us,” he states. “You have industry and even other Department of Defense organizations eager to hire soldiers and civilians with cyber skill sets, so it is a tough mission to retain our personnel.” He adds that, so far, the service successfully retains a fair number of its cyber professionals.

Training will include more than 22 weeks of advanced individual schooling in a new military occupational skill (MOS) known as a cryptologic network warfare specialist. The new MOS was approved in January. Soldiers, sailors, airmen and Marines who sign up for the new job skill attend a joint advanced individual training course in Pensacola, Florida. Additionally, soldiers assigned to the new brigade continually receive additional training with the unit to maintain and update their skills.

Brigade personnel are given the discretion of writing code as new threats arise rather than having to rely on available tools or submit new software to a cumbersome approval process. “Because of the evolution of the threat—how fast technology changes—we need to have that capability to keep up with the threat and to continually update the tools that we’re using to defend our network. It would make it difficult to conduct our mission if we didn’t have the ability to react to what the adversaries are doing,” the colonel states.

The brigade hosts one battalion, the 781st Military Intelligence Battalion and the brigade headquarters at Fort Meade, Maryland, and is building another battalion, the 782nd Military Intelligence Battalion, along with a headquarters company, at Fort Gordon, Georgia. The headquarters company is scheduled for activation in September or October of this year, and the 782nd should be fully established by summer of 2013.

The brigade works closely with other cyber organizations, such as the National Security Agency, Army Cyber Command and U.S. Cyber Command. The unit has an administrative control relationship with the Army’s Intelligence and Security Command (INSCOM), meaning INSCOM provides administrative support such as budgeting. Operational control however is held by Army Cyber Command (ARCYBER), which means Lt. Gen. Rhett Hernandez, USA, who leads the ARCYBER, has the authority to assign missions to the new unit. The ARCYBER brings together the service’s cyber resources under a single command. The Network Enterprise Technology Command/9th Signal Command and 1st Information Operations Command (Land) are subordinate units. Additionally, INSCOM falls under the ARCYBER operational control for network security operations.

Army officials point out that the service’s first cyber brigade was approved and initiated during a time of two wars in the Middle East, other operations around the globe and resource constraints, which indicates how seriously the military takes the cyber threat. At the activation ceremony, Maj. Gen. Mary A. Legere, USA, INSCOM commander, indicated that the activation of an entirely new unit is a military rarity. The brigade will, she says, “… contribute to a complex fight against those who present a clear and present danger to our nation’s security, while providing new and breathtaking capabilities to our Army’s already impressive portfolio of warfighting capabilities.”

INSCOM: www.inscom.army.mil/default.aspx?text=off&size=12pt
U.S. Army Cyber Command: www.arcyber.army.mil


Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.