Command’s Cybersecurity
 Crosses Domains, Directorates

Transporting billions of dollars' worth of Defense Department cargo requires an outside-the-box approach to information assurance. 

The U.S. Transportation Command has taken a novel approach to its Joint Cyber Center, reflecting the unusual needs of this organization that plays a role across U.S. military operations. Officials have found their decisions, such as uniting disparate experts in a single physical location, help save resources while increasing cooperation with the many industry partners that have integral roles in the efforts to keep supplies and people moving.

Former Defense Secretary Leon Panetta directed the establishment of Joint Cyber Centers (JCCs) to tie together the department’s combatant commands (COCOMs) and U.S. Cyber Command. Implementation was left up to the individual groups, with various COCOMs establishing their centers under different directorates. Transportation Command (TRANSCOM) stood up its unit under the J-3 combining elements with the J-2 and J-6, thus bringing together in one entity intelligence personnel, communicators and operators. The center reached full operational capability in January. Col. David Johnson, USAF, chief, TRANSCOM JCC, says this arrangement to have everyone side-by-side is unique as is the incorporation of its Theater Network Operations Control Center (TNCC), which gives JCC personnel additional situational awareness capabilities. The TNCC enables positive control of command, control, communications, computers, intelligence, surveillance and reconnaissance.

Brig. Gen. Gregory Touhill, USAF, director, TRANSCOM’s Command, Control, Communications and Cyber Systems Directorate, says the fusion of all the pieces in a single unit “has turned out to be a powerhouse team to defend and operate our cybersystems at U.S. TRANSCOM.” In addition to taking advantage of unity of command, a single supervisor and a single set of objectives, personnel benefit from being able simply to lean back in their chairs and coordinate with the people sitting next to them. Bringing the normally disparate experts together provides greater fidelity to the cyber operations, giving command leaders a better idea of how to manage risk to overall operations while increasing their ability to plan, handle crises and mitigate threats.

Part of the success of the command’s approach derives from efforts made before the directive regarding JCCs to improve cybercoordination. “Frankly, cybersecurity has been on TRANSCOM’s radar scope for many years,” Gen. Touhill explains. Predecessors of current command leadership had the foresight to recognize that logistics are heavily reliant on computer systems and networks around the world—and the heart of the command’s business is logistics. To execute its mission, the command works with more than 1,000 commercial partners so officials need to ensure the secure flow of information between military and nonmilitary partners, meaning plenty of work in the .com domain instead of the .mil one. “Operating in the unclassified space of the Internet is a fact of life for TRANSCOM and the Defense Department in general,” Gen. Touhill says. He adds that the transportation system worldwide is heavily reliant on relationships that use Web-based systems.

For TRANSCOM, these include not only strictly logistics networks, but also medical, communications and financial systems. The financial technology ensures that money is transferred as necessary for services rendered. And because TRANSCOM is responsible for making sure troops wounded on the battlefield reach facilities with proper care, it needs to understand those systems as well. So though the transportation business is logistics focused, the command’s field of vision has to take in other networks to accomplish its mission. The general explains that those various pieces present special challenges to TRANSCOM as it tries to maintain integrity of information, security of operations and effectiveness to maintain a posture of cybersecurity that allows experts to best manage risk.

To help ensure safety during all the .com transactions necessary to the command’s operations, the organization has put into place a modification of contract language telling companies if they want to do business with TRANSCOM, they must provide information about their information assurance capabilities and agree to report any adverse cyber activity that compromises data. “It’s important that we have that sharing of information so we can best manage our mutual risk,” Gen. Touhill says. TRANSCOM encourages its industry partners to become part of the Defense Industrial Base (DIB) Cybersecurity/Information Assurance Program, which the military describes as a voluntary program to enhance and supplement DIB participants’ capabilities to safeguard defense information that resides on or transits DIB unclassified information systems.

Command officials want to know when their information has been exposed so the commander adequately can identify the risk to operations. In return, the military organization shares information with commercial partners so they can enhance their security. TRANSCOM’s chief information officer forums bring in cyberleaders from around the interagency spectrum and from industry to improve cybersecurity awareness and best practices in the transportation arena.

TRANSCOM has to work closely with the other COCOMs because it is tasked to help support the geographic commands in their missions. The COCOMs share information largely through Cyber Command, but various JCC personnel also meet periodically to share information in collaboration sessions. At the action officer level, discussions occur more frequently, especially if a threat is noticed.

“In short, there are best practices to be found in military as well as commercial centers,” Gen. Touhill says. “That exchange of information has proved to be very helpful.” Both sides continue to focus on improving defenses, which often entails precise checklists to ensure good cyberhygiene. This work requires not only following procedures for using the systems, but also employing the proper configurations for equipment, such as using the most current version of software.

The general believes TRANSCOM has a different perspective on cybersecurity than COCOMs with less industry involvement. What officials in the transportation organization see from their broader experience with the .com domain, they try to share. Such knowledge includes the operational implications of working in a contested cyber environment outside the .mil domain.

Through the years, various shifts have occurred in the world of information assurance, but perhaps the most impactful is the least technical. Col. Johnson says “the most profound change in the last probably six months is the attention that cybersecurity is getting.” The topic now features regularly in the news, bringing benefits and pitfalls. While more resources are available, personnel are faced with much more data to sift through as well. However, the primary concerns of the JCC remain constant. The first priority is to integrate operational planning with cybersecurity. In the past, there was a disconnect, but now cyber is considered in all logistics planning, according to Col. Johnson.

He adds that “defining threats is the hard part.” Cyberprofessionals see more activity on the networks annually, including a four-fold increase last year in the number of events on the TRANSCOM network. However, “activity” includes many happenings, even those that do not constitute a direct threat. At the same time, sophistication in targeted events attributed to actual malicious activity continues to rise. Gen. Touhill says the command is faced with the interesting conundrum of handling a greater volume of anomalous behavior that could be malicious or innocent while also seeing the increase in definitely threatening activity. So defenders have to dig through the information to determine what is an attack, what is a mistake and what can be disregarded. “That’s all part of the power of the JCC that we set up here,” he explains.

Targeting TRANSCOM has certain appeal to cybercriminals. “Transportation is big business,” Gen. Touhill states. The command conducts operations worth multibillions of dollars every year and is a component in the operations of every other COCOM. “We are a key enabler for coalition activities around the world,” the general says. “We are a key enabler for humanitarian operations around the world. Not just the U.S., but U.S. interests rely on the nation’s precious transportation capability.”

If the command’s mission were to be compromised because of a cybersecurity event, the intrusion potentially could give adversaries insight into U.S. military operations worldwide. The JCC helps ensure that work across the command and its components can deliver cargo to the correct destinations on time. “U.S. TRANSCOM becomes an entity that many folks are interested in learning more about because of the fact that we support all other COCOMs and because U.S. TRANSCOM punches above its weight in providing great capabilities for the Defense Department and U.S. interests around the world,” Gen. Touhill explains.

As part of its partnership plan, the JCC has liaison officers from national agencies, including law enforcement organizations, that provide information and the ability to reach back into their agencies. Other groups represented in the JCC makeup include Cyber Command and the National Geospatial-Intelligence Agency. Though all COCOMs have such representatives, the transportation JCC has them fused onto the team.

Through the synergy created by the multifaceted teammates, the JCC can help in the broader cybersecurity mission. Members of the center do not control or defend the nation’s infrastructure, but keep an eye on such discussions. Understanding how to protect critical infrastructure is important for the many partners who help move cargo around.

And getting supplies and people to the right places is the key for the command. As Lt. Col. Christopher Budde, USAF, deputy chief of the JCC, explains, freedom to maneuver in the cyber domain is fundamental to every facet of the TRANSCOM mission and “that’s what the JCC is here for.”