The network “will provide deeper and broader cyber capabilities and services to our clients on their terms – when they need it and where they need it,” said Joe Mahaffee, Booz Allen executive vice president and chief information security officer. 

Booz Allen said the initial network launch includes four centers in Maryland, four in Virginia and one in New Jersey.

Booz Allen said a center near Fort Meade, Md., the National Security Agency, the U.S. Cyber Command and the Defense Cyber Crime Center will focus on cyber, forensics, malware and software analytics.

The Cyber Security Operations Center in Northern Virginia is the primary location for the company’s networks and systems. Booz Allen said this center provides round-the-clock emergency response, mobile forensics, cyber analytics, intelligence and network monitoring.

Photo: Wikipedia.org

A new memo from the Defense Department says the responsibilities of DoD chief information officer won’t be transferred to Cyber Command.

Posted online July 5, the undated memo is signed by former Defense Secretary Robert M. Gates, who recently resigned from his role.

According to the memo, obtained by FierceGovernmentIT, Gates had previously “tentatively agreed to a conceptual approach” under which significant responsibility for the operation of DoD networks would have transferred away from the DoD CIO and Defense Information Systems Agency to Cyber Command.

However, “significant policy, operational and practical concerns” prevent that from taking place, and DoD was back at square one with trying to figure out the duties of the DoD CIO.

“To this end, I believe the best course for the department is to return to the original goal of disestablishing [Networks Integration and Information] into a smaller and more focused and strengthened Chief Information Officer Office that has a strong relationship between DISA and CYBERCOM and achieves savings from eliminating functions that are duplicative or no longer necessary,” Gates writes.

The memo requests that acquisition oversight of major automated information systems and responsibility for netcentricity and command and control systems be transferred to the Office of the Under Secretary of Acquisition, Technology and Logistics by Sept. 30

Gates also calls for an enhanced relationship and clearer delineation of responsibilities between CIO, DISA and Cyber Command, “consistent with my decision to retain responsibility for DISA within CIO.”

While the Cyber Command mostly meets joint guidance and maps out its organizational and operational relationships in general terms, the GAO report said “greater specificity” is needed to make clear who can perform various types of cyberspace operations in order for the military services to organize, train and equip cyber forces.

Without the specific guidelines, the services could face problems in meeting staffing needs for certain types of cyber forces, the report noted. Additional specificity would also enable the military services to better plan their support for DoD cyberspace operations, GAO concluded.

GAO recommends DoD set a timeline to develop and publish specific guidance regarding the Cyber Command and its service components’ cyberspace operations. Those guidelines would include three categories: personnel that can conduct various cyberspace operations; command and control relationships between Cyber Command and the geographic combatant commands; and mission requirements and capabilities the services must meet to provide long-term operational support to the command.

“Until such detailed guidance is articulated, the military services will continue to move forward in planning, budgeting, recruiting and training personnel to conduct cyberspace operations without knowing whether their efforts will meet U.S. Cyber Command’s mission needs,” the report concluded.

Image: Juan Fuertes

Together with companies such as defense contractor Lockheed Martin and Johns Hopkins University’s Applied Physics Laboratory, the Defense Advanced Research Projects Agency is building a virtual firing range in cyberspace, where researches can get a “realistic, quantifiable assessments of the nation’s cyber research and development technologies,” according to DARPA factsheet.

Made up by testbeds that can conduct independent tests, or be integrated into one or more larger testbeds, the NCR will allow researchers to measure their progress in either a classified or unclassified environment, against appropriate threats, with adequate timeliness and accuracy to allow for corrections and identify new capability needs, the DARPA release said.

The project cost an estimated $130 million, and is expected to be fully operational by mid-2012. It will also help train cyber warriors such as those working for the U.S. Cyber Command, Reuters reported.

Robert Butler, DoD

In line with an agreement between the department secretaries last fall and the recently released International Strategy for Cyberspace, the Defense Department and Department of Homeland Security are sharing cybersecurity information, capabilities and expertise, a Pentagon official said.

Robert J. Butler, deputy assistant secretary of defense for cyber policy, testified before the Senate Committee on Homeland Security and Governmental Affairs last week about the Obama administration’s legislative proposal to protect the nation’s computer networks, the Armed Forces Press Services reported.

The new strategy calls for DHS to spearhead the effort to protect citizens, the nation’s critical infrastructure and the federal government’s computer networks. While DoD would retain continue protect its “dot-mil” domain, it would work closely with DHS and the departments of Justice and Commerce to better protect the Internet.

Protecting computer networks requires a “whole of government” approach, Butler stressed, and the Defense and Homeland Security departments already are doing that. Defense Secretary Robert M. Gates and DHS  Secretary Janet Napolitano laid the foundation for the collaboration in October with their agreement to share operational planning and technical development, he said.

Since then, Butler said, the collaboration has grown into joint coordination at U.S. Cyber Command and the National Security Agency at Fort Meade, Md., and the sharing of information, capabilities and employees.

As an example of such collaboration, Philip Reitinger, undersecretary of homeland defense for national protection and programs, said DHS, DoD and NSA officials meet regularly and have weekly teleconferences to coordinate cybersecurity.

DHS will stay “operationally synched” with DoD, and both departments and NSA will deploy cyber experts to work at each others’ sites, Reitinger said.

To ensure a steady supply of cyber experts in the future, Butler said, DoD supports various high school and college competitions such as the CyberPatriot, as well as coaching and mentoring programs in cybersecurity.

“This is not only about today; it’s also about tomorrow,” he said. “Secretary Gates has made this a big priority.”

Benjamin Netanyahu

Israel’s Prime Minister Benjamin Netanyahu yesterday announced the stand up of a cyber command to protect the nation against cyber attacks on digital infrastructure and to boost the competitiveness of local industries specializing in high-tech security, Reuters reports.

The new National Cybernetic Taskforce will have access to a budget of “hundreds of millions of shekels” in the coming years, Netanyahu said, to “stand up to the menace of future cyber attacks.”

The new facility will also coordinate between the needs of national defense and the growth potential of the cyber industries and the academic field, the prime minister said, citing a plan to implement related studies at secondary-school level.

Professor Yitzhak Ben-Yisrael, who headed the team that recommended launching the initiative, told Israeli business daily Globes the task force is  “engaged on the defensive side,” but it could not discuss specific strategies.

“But I can assure you that we’ll meet any cyber attack,” he added. “U.K. Prime Minister David Cameron told me that they were cutting back everything, except for cyber defense, in which they were investing heavily. We will also invest hundreds of millions of shekels.”

Keith B. Alexander, U.S. Cyber Command/NSA

With at least 5,000 new pieces of malware show up online a day, simply deploying a firewall and fixing things when they break isn’t good enough, according to U.S. Cyber Command and National Security Agency head Gen. Keith B. Alexander.

“We can no longer depend on a static defense,” said Alexander, spoke at the University of Tulsa on Monday, The Tulsa World reports. He noted that as electricity and water systems become increasingly computerized and interconnected, they too could be brought down by a cyber attack.

Alexander spoke of the electric grid in the Northeast that collapsed in 2003 because of software anomalies. He also mentioned the Sayano-Shushenskaya hydroelectric dam in Russia, which suffered a turbine failure in 2009 and killed 75 people because its stability software was down.

Concern about civil liberties often emerges in talks about cybersecurity, and Alexander said he and his team worry about it, too.

“We’re not asking for one over the other; we should have both civil liberties and protection,” he said. “As Americans, we should demand it.”

NSA’s cyber activities are both defensive and offensive in nature, though the general said he could not offer details on particular offensive operations. He did say the rules of computerized warfare are still being determined, such as what happens when an attack is routed through an adversarial country, a neutral nation or the United States, itself.

“These are issues we have to work our way through, because the laws and boundaries aren’t clear,” he said.

Alexander, who also heads the National Security Agency, told a House subcommittee he believes the shift can be made safely and that his staff went searching for the best method to help secure DoD’s networks.

“It was our opinion that the best way to go was to a thin, cloud, virtual cloud environment, analogous to the way that Google, AT&T and others are doing it,” he said.

The cloud approach might save “manpower and money,” Alexander said, although “that’s yet to be proven.” A move to the cloud also could factor in the U.S. plan to strengthen cybersecurity. With information consolidated at fewer locations, some of DoD’s IT workforce could be retrained for “full spectrum cyber capability,” he said.

Hours before Alexander’s testimony, Harris Corp., RSA and the Virtual Computing Environment Company announced they would collaborate at a digital storage facility Harris has built in Virginia. Slated to open in May, the Cyber Integration Center would house stacks of computers, called Vblocks, provided by VCE. The Vblocks would store data for federal clients, and RSA would supply the network security software for the facility.

Harris said the center’s security and network monitoring systems would be designed to inspire trust among potential customers at DoD and within civilian intelligence agencies. And the question of trust has been of particular concern in the Intelligence Community, retired Air Force Maj. Gen. Dale Meyerrose, vice president and general manager of Harris Cyber Integrated Solutions, told C4ISR.

“What bothers the Intelligence Community is that right now they don’t believe that you can guarantee the authority, trust and authentication of data in that environment,” he said.

To remedy the trust issues, the companies plan to jointly market Harris’ Trusted Enterprise Cloud services, which features a “trust scoring” system that will scan streams of data and software to ensure they have not been modified, Meyerrose said.

The centralized approach could be more efficient for government agencies because a single computer stack would house data from numerous customers, C4ISR said.

Keith B. Alexander, Cyber Command

The U.S. military lacks educated cyber warriors and the legal authorities it needs to respond to a cyber attack on the nation or its allies, and a crisis would quickly deplete the force the U.S. does have, the chief of Cyber Command said yesterday.

Gen. Keith Alexander, who is dual hatted in his roles as chief of the U.S. Cyber Command as well as the National Security Agency, told Congress he would give the military a grade of “C” in its capability to safeguard Pentagon networks, although he acknowledged there has been progress, according to The Associated Press,

“We are finding that we do not have the capacity to do everything we need to accomplish,” he said, according to AP. “To put it bluntly, we are very thin, and a crisis would quickly stress our cyber forces.”

The cyber chief said cyberspace should not be allowed to be “a sanctuary where real and potential adversaries can marshal forces and capabilities to use against us and our allies.”

However, as of now, Alexander said, the military does not have the cyber force it needs to defend its networks or to ensure its ability to plan and operate in cyberspace.

Pointing to the recent uprisings in the Middle East and governments blocking Internet access to disrupt protests, the cyber commander also spoke about how other nations have cyber weapons that can devastate infrastructure as powerfully as kinetic warfare.

The U.S. military is prepared to launch cyber attacks to protect critical infrastructure, Alexander said, or respond to an assault on the homeland or U.S. allies. But, he said, the administration and Congress need to better define what the military can do under certain circumstances, including how and when it can take steps to protect civilian networks.