by MAJ Robert Turk and CPT Shawn Hollingsworth
FORT GORDON, Ga. As the Army prepares to digitize the force, a new threat unlike any the Army has seen before is developing. Our enemies are no longer spending billions of dollars on materiel but are now investing in information warfare. Future conflicts are expected to be more asymmetric, in which IW forces do substantial damage to large, computer-dependent adversaries.
In a recent edition of The Washington Times, the Chinese Peoples Liberation Army publicly announced plans to conduct Internet warfare against the United States. The PLA is gearing up for wartime computer attacks on networks and the Internet that will affect everything from banking to our militarys communications structure.
In the past year, attempts to hack the Armys networks have greatly increased, from the Melissa virus to computer attacks against the Pentagon by an Israeli hacker and two California teenagers. The Army is now placing as much attention on protecting communications networks as we spent preparing for the year 2000. The Signal Center here has responsibility for the combat developments of tactical, strategic and sustaining-base communications systems and the security systems that protect them. The Signal Center represents the warfighter in developing information-assurance tactics, techniques and procedures to protect our tactical networks from our enemies.
During a recent IA Industry Day conference, LTG David Kelley, Defense Information Systems Agencys director, said an "information Pearl Harbor" is imminent. Its not a matter of whether such an attempt will be made but when, according to Kelley. The Signal Center is taking into consideration this new threat as the Army migrates to Warfighter Information Network-tactical, which will replace the triservice tactical communications and mobile-subscriber equipment switch systems.
WIN-T is the Armys Force XXI command, control, communications, computers, intelligence, surveillance and reconnaissance tactical-communications network that will integrate joint, multinational, commercial and battlefield networks into an intranet that provides mobile, secure, survivable and multimedia seamless connectivity among all elements within the battlespace from theater to battalion level. WIN-Ts backbone will support multiple security levels: top secret/special compartmented information, secret and sensitive but unclassified and the different modes of information to include voice, data, video and imagery.
Network-based monitoring technology within the defense information infrastructure is being mandated on a large scale across the Defense Department. WIN-T will include IA security features throughout the network that will employ DoDs defense-in-depth strategy to protect, detect and respond to attacks on the militarys information systems. Some of the services offered through IA are authentication-verification of the originator, nonrepudiation-incontestable proof of participation, availability-unimpeded access to authorized users, confidentiality-protection from unauthorized disclosure and integrity-protection from information damage.
Layering IA technology solutions is the fundamental principal of the defense-in-depth strategy. The defense-in-depth concept includes three key areas of protection: external perimeter, internal network and local computer hosts.
Protected electronic perimeters are needed for local enclaves since many end-user systems have little built-in protection against external access. These systems are difficult to administer well enough to provide an effective defense. Protected perimeters are like castle walls and gates, which enable professional administrators to control flow in and out. They also enable traffic through the gate to be throttled at different levels during changing information conditions and allow specific services to be deactivated if they come under successful attack.
The external perimeter safeguards include firewalls, intrusion detection, inline encryptors and, where necessary, physical isolation. Internal network protection consists of a combination of security guards, firewalls and/or router filtering devices to serve as barriers between echelons and/or functional communities. Host-based monitoring technologies include detecting and eradicating malicious software (for example, a virus), detecting software changes, checking configuration changes and generating an audit, audit reduction and audit report.
The defense-in-depth strategy will provide a robust and resilient infrastructure designed to limit, contain and repair damage that results from attacks. A fundamental criterion of the defense-in-depth strategy is that no single attack can lead to the failure of a critical function and that no critical function or system is protected by a single protection mechanism. This strategy is a key element in successfully implementing IA in the WIN-T network.
The figure below depicts WIN-Ts conceptual security architecture, which follows the layered protection strategy. Each layer will consist of different configurations of IA tools designed to prevent a would-be intruder from gaining access to all systems by defeating one layer.
The external layer, the strongest layer of protection in the network, is the first line of defense in the defense-in-depth architecture. The perimeters primary focus is protecting the inside from the outside, but enclave boundaries also provide some protection against malicious insiders (for instance, those who use the enclave to launch attacks). Protection measures include firewalls, filtering routers, replication servers, strong authentication, authentication servers, Internet protocol security/virtual private networks and measures to defend against backdoors that circumvent firewalls, such as internal use of cellular phones or modems (sending data through voice public branch exchanges). The external layer and its suite of IA equipment will interface with external connections such as the secret Internet protocol router network, nonsecure Internet protocol router network and Joint Worldwide Intelligence Communications System.
The network layer will focus on network-based monitoring (intrusion detection), providing the capability to identify attacks and suspicious network activity. It captures and forwards event data to a predefined IA cell or the regional computer-response team.
At the user level, command-and-control protect tools will be employed on the individual host workstations. Host-based monitoring will reside on servers and end-user systems and will detect attacks against individual hosts. Its detect capability is more fine-grained than network-based monitoring and can be the best line of defense in detecting malicious insiders. Local-host protection software consists of transmission-control protocol wrappers for individual-access control, a security profile inspector, a simple watch for alerting when audit anomalies occur in the profile, and McAfee virus protection. This C2 package is our last line of defense against unauthorized use and entry.
Voice subscribers will be able to place and receive secure telephone calls to subscribers located on switched networks that incorporate National Security Agency Type I-approved devices, excluding the digital-subscriber voice terminal, which is the current secure wireline voice terminal. WIN-T will provide selected users with a handheld device that will connect via both terrestrial and available satellite means to the WIN-T infrastructure, and via airborne platforms to communicate within the operations area including in and around command posts and tactical-operations centers. It will have a secure (NSA-approved) capability that provides voice, data and video communications.
Another form of IA that will be available to the user is the public-key infrastructure. PKI refers to the framework and services that provide for generating, producing, distributing, controlling and accounting for public key certificates. It provides critical support to security applications providing confidentiality, authentication of network transactions, data integrity and nonrepudiation.
WIN-T isnt designed to counter a specific threat. However, certain security IA components are designed to protect WIN-T from the IW threat. IA, as part of this strategy, protects the Armys C2 information network from attempts to penetrate the network to obtain, disrupt or manipulate the resident information. It allows simultaneous access and processing protection for users at different security levels. IA and the security features in the WIN-T network will continue to change after its fielding in the year 2005. Even as technology evolves and the threat changes, the Army must continue to protect its vital communications networks.
MAJ Turk is the acting branch chief, switching-and-networks branch, materiel-requirements division, in the Signal Centers combat-developments directorate. He received his bachelor of science and master of science degrees in computer science from Alabama A&M University, Huntsville, Ala., and Towson University, Towson, Md. He can be reached at email@example.com.
CPT Hollingsworth is the IA officer in switching-and-networks branch. He holds a master of science degree in technology management from Mercer University, Atlanta, Ga. He can be reached at firstname.lastname@example.org.
Back issues on-line | "Most requested" articles | Article search | Subscriptions | Writer's guide
Army Communicator is part of Regimental Division, a division of Office Chief of Signal.