National Guard June 2012 : Page 22
Growth Mission By William Matthews Air Force leaders want to cut reliance on the Guard for many flying missions, but they increasingly turn to the Guard to meet the ‘accelerating’ cyber threat or the cyber-minded, this just might be the coolest job in the national Guard: Using ordinary computers and extraordinary knowl-edge of information systems, mem-bers of the 177th information Warfare Aggressor Squadron gleefully break into computer networks. but not just any networks, U.S. military networks. 22 F | “my guys are trained hackers, basi-cally,” says Lt. col. Jason Knobbe, the commander of the Kansas Air national Guard squadron. “our job is to be the bad guy for the department of defense.” So, like “a script kiddie in his mom’s basement” or an agent of a foreign government, the 177th cyberwarriors hack. Starting “in the dot-com world,” the 125 airmen worm their way into the dot-mil realm by exploiting network vulnerabilities. they search out open back doors and missing software patches, manipu-late gullible operators, break in, and, if possible, take over the network, Knobbe says. but breaking and entering isn’t the ultimate goal. Uncovering security gaps and teaching network operators how to plug them to keep more malevolent hackers at bay is. “We help the blue defenders learn situational awareness and counter-measures,” Knobbe says. “if we find vulnerability, we try to patch it.” in an age of shrinking budgets and dwindling forces, cyber is one of the few growth areas for the Guard. in march, Air Force Secretary mi-chael donley announced the creation National Guard
Air Force leaders want to cut reliance on the Guard for many flying missions, but they increasingly turn to the Guard to meet the ‘accelerating’ cyber threat
For the cyber-minded, this just might be the coolest job in the national Guard: Using ordinary computers and extraordinary knowledge of information systems, members of the 177th information Warfare Aggressor Squadron gleefully break into computer networks.
But not just any networks, U.S. military networks.
“my guys are trained hackers, basically,” says Lt. col. Jason Knobbe, the commander of the Kansas Air national Guard squadron. “our job is to be the bad guy for the department of defense.”
So, like “a script kiddie in his mom’s basement” or an agent of a foreign government, the 177th cyberwarriors hack. Starting “in the dot-com world,” the 125 airmen worm their way into the dot-mil realm by exploiting network vulnerabilities.They search out open back doors and missing software patches, manipulate gullible operators, break in, and, if possible, take over the network, Knobbe says.
But breaking and entering isn’t the ultimate goal.
Uncovering security gaps and teaching network operators how to plug them to keep more malevolent hackers at bay is.
“We help the blue defenders learn situational awareness and countermeasures,” Knobbe says. “if we find vulnerability, we try to patch it.”
In an age of shrinking budgets and dwindling forces, cyber is one of the few growth areas for the Guard.
In march, Air Force Secretary michael donley announced the creation Of two new Air Guard information-operations squadrons, one in California and one in Washington state. In addition, he said, the Air Guard would be expanding the Maryland Guard’s 175th Network Warfare Squadron noted for its work with the National Security Agency.
These new additions will be “cyber hunter squadrons,” part of a fresh and more aggressive approach to defending military networks called “active defense.”
Their job will be to monitor networks for intrusions and unauthorized users, to analyze what they find and develop countermeasures, says Lt. Col. Sean Kelley, the chief of the Air Guard’s Cyberwarfare and Information Operations Division.
The central tenet of their mission is “preemptive defense—go out and find threats before they find you,” Kelley says.
The units will include intelligence specialists whose job is to uncover information about emerging cyber threats, and cyber forensic experts who will analyze threats and try to track them back to their origins.
The aim of this cyber sleuthing is “mission assurance,” eliminating threats and keeping networks running so they can carry out military missions, Kelley says.
These new units are just the beginning.
“If the Air Force portfolio was the stock market, I would invest in cyber,” Lt. Gen. Harry M. Wyatt III, the Air Guard director, told a gathering of defense experts at the Center for Strategic and International Studies.
Faced with a defense budget that could cut nearly 200 aircraft from the Air Guard fleet by 2017, Wyatt said the Air Guard “is shifting from a platform-based construct of the past to a capabilities-based force. Of our 106,700 Air National Guardsmen right now, close to 9,000 are already involved in cyber.”
And that number will be growing.
“What we’re looking at is a global cyber arms race,” said Rear Adm. Samuel Cox, the intelligence chief at the U. S. Cyber Command, told a conference in Washington, D.C., in April. “It’s not proceeding at a leisurely or even a linear fashion, but in fact is accelerating.”
The cyber threat endangers national security, public safety and the U. S. economy, he said.
In March, Cox’s boss, Gen. Keith Alexander, the chief of the U.S. Cyber Command, reported to House and Senate committees that the U.S. intelligence community now ranks cyber threats “just behind terrorism and proliferation in its list of the biggest challenges facing our nation.”
And the threat isn’t just aimed at the military.
“We are also increasingly concerned about the threat to our defense industrial base and the nation’s critical infrastructure,” said Madelyn Creedon, the assistant defense secretary for global strategic affairs.
“We have seen the loss of significant amounts of intellectual property and sensitive defense information that reside on, or transit defense industrial base systems” she told the House Subcommittee on Emerging Threats and Capabilities.
She put the cost at “billions of dollars annually.”
Part of the problem is cyber criminals, who steal data that they can sell, Alexander told lawmakers. But in addition to criminals, “several nations have turned their resources and power against us.”
Alexander didn’t name names, but China, Russia and increasingly Iran have emerged as cyber concerns.
Still, it remains unclear what role the U.S. military should play in defending U.S. companies and critical infrastructure against cyber attackers.Many in the military are reluctant to assume responsibility for defending nonmilitary cyberspace, in large part because there are long-standing legal restrictions against military involvement in domestic intelligence gathering and law enforcement.
“We believe strongly in a whole-ofgovernment approach to cybersecurity,” Creedon told House lawmakers.
That is, the military should work closely with the departments of Homeland Security, Justice, State, Treasury, Commerce and other agencies on cyber defense.
The Defense Department spends $37 billion a year on information technology and of that, $3.4 billion goes into cybersecurity, says Pentagon chief information officer Teresa Takai.
By contrast, the Department of Homeland Security, the lead agency for protecting U.S. critical infrastructure, has budgeted just $1.2 billion for cyber defense in 2013.
“We should not kid ourselves,” said Rep. Mac Thornberry, R-Texas, the chairman of the emerging threats subcommittee. “The American people expect the Department of Defense to defend the country in whatever domain it is attacked.”
Alexander seems willing to take on that mission.
“I think in extremis the Defense Department would be the natural ones to defend the country,” he told Thornberry. “I believe within the administration there’s general agreement that that is correct. The issue is, what are those circumstances? And how do we do it?
A number of U.S. laws forbid the military to spy on “United States persons” in the United States, among them the Foreign Intelligence Surveillance Act, the Fourth Amendment to The Constitution and the Posse Comitatus Act. “U.S. persons” include U.S. citizens, legal aliens, associations and U. S. corporations.
Some cyber policy-makers say the Department of Homeland Security should be responsible for defending nonmilitary networks, but that network owners should do most of the work.
Might the Guard be a partial solution?
Operating in state status under the command of governors, Guard cyber experts have already helped secure some nonmilitary computer systems.“We’ve done it twice,” says Col.Brian Dravis, the commander of the Washington Air National Guard’s 194th Regional Support Wing.
The wing’s 262nd Information Warfare Squadron ran security assessments on the state’s enhanced drivers license system in advance of the 2010 Winter Olympics in neighboring British Columbia.
Washington’s enhanced drivers licenses can also serve as border crossing documents, so system security was important during the international sporting competition. The unit has also conducted cyber security assessments for the state emergency management division’s network.
The Washington Air Guard has also received congressional funding to study the security of industrial control systems, and has conducted “very productive discussions” with senior White House officials about a possible role in critical infrastructure protection, Dravis says.
“Can we broaden that out for domestic support? We’re looking at that,” he says.
So is the National Guard Bureau.
“We’re watching closely the laws, regulations and policies that are coming out,” says Maj. Aaron Munn, the cyber program manager in the Army Guard’s operations division. “[But for now,] our main effort is to protect military networks. For the Army National Guard, that means GuardNet.”
Many Army Guard units have members with the necessary skills to help defend civilian cyber networks, Munn says, but “right now, we don’t use those skills for the dot-coms and the commercial side of the house.”
And it’s still unclear “how or if the Army Guard or the National Guard as a whole would fit in with defending nondot-mil networks,” he says.
It’s not just legal restrictions that impede greater Guard involvement in domestic cyber defense.
Industries like “the banking industry most likely would not allow the military to come in and look at their networks,” says Lt. Col. Dennis Riel, a spokesman for the Rhode Island National Guard.
The Rhode Island Air Guard’s 102nd Network Warfare Squadron monitors military networks for anomalies and suspicious activity, and conducts cyber-readiness inspections of military computer networks across the United States and overseas.
The squadron does not perform similar work on civilian networks, Riel says, although that might be a possibility in the future.
“We’ve partnered with the Rhode Island Emergency Management Agency, the state police and universities to bring a team together for the general awareness on cyber issues,” says Capt.
Charlene Marshall, the squadron’s operations officer.
This multiagency regional “cyber disruption team” stands ready to help in the event of a cyber disaster, military or civilian, she says.
“We would respond,” Riel says, “but it would have to be through the Emergency Management Agency.”
Meanwhile, there’s a growing mission for protecting military networks.
The Defense Department operates more than 15,000 networks that are linked to more than 7 million computing devices, according to Creedon.
And the military’s networks are probed millions of times a day, according to the Pentagon’s Strategy for Operating in Cyberspace.
In addition to China, Russia and Iran, military cyber experts worry About terrorist organizations, organized crime and garden-variety hackers.
Guard cyber specialists, too, pay attention to those threats.
“I wouldn’t say we are addressing any specifi c threats,” says Kelley, the Air Guard cyberwarfare chief. “We are trying to develop capabilities so that we can handle the full spectrum of operations, from defense to offense to exploitation to analysis and forensics, based on the requirements the Air Force is giving us. We’re developing capabilities to face any threat that’s out there.”
The Air Guard leads among reserve forces in developing offensive cyber capabilities.
It operates two 100-person squadrons that are capable of launching cyber attacks. They’re Maryland’s 175th Network Warfare Squadron and Delaware’s 166th Network Warfare Squadron.
Both squadrons support the National Security Agency, but Guard officials in Delaware and Maryland declined to discuss what the units do.
As cyber operations and units expand, the active-component services are struggling to attract and retain qualified cyber troops.
But that’s proving to be less of a problem for the Guard.
In an address at a CyberFutures Conference in March, Gen. William Shelton, the chief of the Air Force Space Command, called the shortage of cyber recruits for the Air Force “a serious national security issue.”
Shelton said far too few U.S. college graduates now are earning technical degrees. Of those who do, too many are foreign nationals who are ineligible to work in U.S. national security.And too many others “aren’t the kind of folks that would necessarily take well to military life,” he said.
Pay is another problem.
“There’s no way that the military can compete with civilian salaries” for cyber professionals, said Wyatt, the Air Guard director.
But pay disparity creates opportunities for the Guard. By joining the Guard, cyberwarriors can keep their high-paying civilian jobs and still serve in the military.
That formula seems to be working.The authorized personnel end-strength of Rhode Island’s 102nd is 50 airmen, but “we’re currently stacked at 58,” said Marshall, the operations officer.
In Washington state, where the 143rd Information Operations Squadron is being created from a combat communications squadron, “we’re demographically blessed,” says Dravis, the wing commander.
The 143rd’s headquarters sits about two miles east of Interstate 5, which runs from Canada to Mexico along the West Coast.
In western Washington, the I-5 corridor is dotted with high-tech industries—Microsoft, Cisco, Boeing, T-Mobile, supercomputer-maker Cray and dozens of software companies.
“We pull extensively from them,” Dravis says. “We have significant experience levels walking into our units.”
The Los Angeles area is another “hotbed of cybertech,” says Col.Stephen Beck, commander of the California Air Guard’s 162nd Combat Communications Group. The group’s new 261st Information Operations Squadron is based in Van Nuys, just north of L.A.
In addition to numerous high-tech companies, many with ties to the military, the area has “tons of universities and two dozen cyber-research centers, all within an hour or two drive,” Beck says.
Similar demographics exist for the 175th in Maryland. As it expands, it expects to draw from high-tech companies clustered around Washington,D. C., and Baltimore.
The locations are no coincidence.The three units were selected for cyber missions because of their proximity to cyber-savvy populations, Wyatt said.But proximity isn’t always essential.
“We’ve got a cyberwarrior in Washington state,” Wyatt said, “who, on drill weekends, on his own dime, flies to the east coast to Fort Meade to do battle with folks worldwide.”
William Matthews is a Springfield, Va.- based freelance writer who specializes in military matters. He can be contacted via firstname.lastname@example.org.
Army Guard: ‘We Do Cyber Defense Every Day’
The Army National Guard isn’t as far along as the Air Guard in defining its role in cyberspace or creating specific cyber units, concedes Maj.Dan Snowdall, information assurance officer for the Army Guard’s chief information of cer.
Cyber just wasn’t a top priority while the Army had its hands full with the wars in Afghanistan and Iraq.
But cyber operations weren’t completely ignored.“We do [cyber] defense every day,” Snowdall says.“We’re involved with our own network—GuardNet— that reaches all 54 states and territories.”
The Army Guard also maintains “a robust capability as far as military intelligence and signal units that can provide cyber capability to the Army and the Department of Defense for operations at the federal level, which we do,” Snowdall says.
But so far, the Army Guard has only one specifically cyber unit, the Virginia Data Processing Unit based outside Washington, D.C. Discussions are underway to determine what other Guard cyber units the Army might need and what cyber role the Army Guard should play.
“We are taking a very methodical approach to the development of cyber forces,” Snowdall says.
But considering the threat, greater Army Guard involvement in cyber missions seems inevitable.
—By William Matthews
Read the full article at http://nationalguardmagazine.com/article/Growth+Mission/1080705/114111/article.html.