DOD cyberwarriors in a war of attrition
New paper suggests policy changes and use of fake networks to better defend systems.
Military officials can better protect their communications systems by building fake networks or Honeynets to divert adversaries away from critical systems and to gain intelligence on their attack methods, a top official in the Defense Department’s cyberdefense organization suggests in a new paper.
The new computer defense strategy is called Net Force Maneuver. “For Net Force Maneuver, our objective is to draw the adversaries away from real, mission-critical systems while learning as much about their attack techniques and capabilities as possible,” said Army Col. Carl Hunt, director of technology and analysis/J-9 in the Joint Task Force for Global Network Operations (JTF-GNO), in the paper “Net Force Maneuver: A NetOps Construct.”
To use Net Force Maneuver, military officials must better understand their networks, the technologies available to better operate them and their adversaries’ capabilities, Hunt said. He co-wrote the paper with Doug Gardner, director of the Applied Technology Unit in JTF-GNO, and Jeffrey Bowes, technical director of the Joint Information Operations Division of Northrop Grumman’s Information Technology TASC unit. The paper appeared in the 2005 Information Assurance Proceedings publication produced for the Institute of Electrical and Electronics Engineers Computer Society’s Systems, Man and Cybernetics IA Workshop held in June at the U.S. Military Academy at West Point, but was announced at the Army IT Conference in Las Vegas earlier that month.
Hunt also describes the military’s current computer network defense strategy as a battle against attrition. “Unfortunately, attrition is a reasonable characterization of our defensive computer network strategy today, with one major caveat,” he said. “With the exception of an occasional arrest, our adversaries are able to inflict a substantial amount of harassment and a measurable amount of damage upon DOD communications networks at practically no cost to themselves.”
Hunt went on to say, “It’s probably only a slight exaggeration to say we are fighting an attrition battle where we are the only ones being attrited.”
NEXT STORY: IAPP will certify government privacy officials