Cyberwarrior on the front line
DOD's Bryan helps defend military networks from the known and unknown
About two years ago, then-Deputy Defense Secretary John Hamre asked a group
of high-level officials for the name of the person in charge of network
security. No one responded.
James Bryan, a recently promoted brigadier general at the time, remembers
that moment as a turning point in the Defense Department's network security
efforts, especially for the Army.
At the now-infamous meeting, Hamre polled the attendees to see which
service had the least secure networks. The Army lost, big time. The service
received a D-minus at best — or about a two on a scale of one to 10. As
the Army's representative at that meeting, Bryan said he "became the pincushion
for everybody's needles."
Now a major general and the second commander of the Pentagon's Joint
Task Force for Computer Network Defense (JTF-CND), Bryan has the responsibility
and authority to address that challenge. The joint task force was created
in December 1998 to help protect defense networks from security breaches.
Many agree that Bryan took the reins at JTF-CND at a critical time: Technology
is changing rapidly, the threat to U.S. military networks is becoming increasingly
sophisticated and the Pentagon is considering merging the joint task force
with a network attack organization into one sub-unified command under U.S.
Space Command. If approved, the sub-command would house both the offensive
and defensive cyberwarfare missions.
Bryan said he's up to the challenge of being JTF-CND's commander. He is
a self-described people person who keeps a rock on his desk inscribed with
the word "TEAM," meaning "together everyone achieves more." He also challenges
people to excel, according to Phil Loranger, one of Bryan's co-workers
while he was the Army's vice director of information systems for command,
control, communications and computers.
"We used to talk to him before we talked to the boss, and we were telling
him all the evils that were out there, all of the threats and all of the
bad guys, and how easy it was for our systems to come down," he said. "One
day he gave me the eye, and he said, 'If you're such a hot shot kind of
guy, and the threat is really that real, then show me.' What he was telling
us was to put something together so that we could educate the leadership,
so that they could visually see the threat and understand the vulnerabilities."
Bryan's most recent post as the Pacific Command's director for command,
control, communications and computers proved a valuable preparation for
his current position. He was doing for the Pacific theater what he now does
on a global basis — protecting networks from strategic level attacks, among
other things.
"As the Pacific Command J-6, I was concerned every day with how well our
telecommunications and computer networks were protected in the Pacific
theater, which covers 52 percent of the earth's surface, 16 time zones of
concern," Bryan said.
The experience also taught Bryan to respect how much a small organization
like the JTF-CND can achieve. "We were amazed at how rapidly [JTF-CND]
became operationally effective and achieved great credibility with us. They
did such a good job, I thought they had to be bigger than they are," Bryan
said.
Still, much work lies ahead. Bryan hopes to offer the Pentagon a new
and improved JTF-CND that he dubs "CND Better." He wants to sound the alarm
faster in times of cyberattacks, in part by developing better intrusion-detection
procedures and devices. This includes technologies to determine whether
the department's firewalls are configured properly or if up-to-date virus
detection software has been installed.
CND Better includes ongoing moves to standardize tactics, techniques,
procedures and doctrine; improve intelligence gathering and analysis capabilities;
and improve the ability to continue operating while suffering network
attacks. Unplugging the network while under a denial-of-service attack,
Bryan said, only achieves the attacker's goal.
Remaining operationally effective while experiencing a cyberattack,
however, requires education, training and practice. "It bothers me still
that too often when we experience a denial-of-service attack, even if
it's just a nuisance kind of attack, that we've turned as an automatic response
to disconnecting from the threat," he said.
"In effect, if that was the threat's intent, we've just helped them
succeed," Bryan added. "We need to figure out and to train to...operate
in that environment without simply turning to that rather catastrophic course
of action."
Yet, Bryan said his authority to take the offensive on cyberattacks
"is very limited" at present. "I believe in this area the wisest course
of action is to pursue the policy and procedural issues at or ahead of the
pace of technological capabilities, because whether or not to use an attack
as an active defense measure or as a weapon system is a decision that needs
to be operationally defined at the national policy levels, first and foremost."
Bryan said that while he wants to defend DOD networks with every "prudent
technology and technique" available, "we have to accept the fact that the
boundaries are very clearly defined for us and that we're not in the business
of defining what those boundaries are." It's important "to be patient with
those who are defining what the boundaries and the procedures and the proper
authorities are," he said.