Cyberwarrior on the front line

About two years ago, then-Deputy Defense Secretary John Hamre asked a group

of high-level officials for the name of the person in charge of network

security. No one responded.

James Bryan, a recently promoted brigadier general at the time, remembers

that moment as a turning point in the Defense Department's network security

efforts, especially for the Army.

At the now-infamous meeting, Hamre polled the attendees to see which

service had the least secure networks. The Army lost, big time. The service

received a D-minus at best — or about a two on a scale of one to 10. As

the Army's representative at that meeting, Bryan said he "became the pincushion

for everybody's needles."

Now a major general and the second commander of the Pentagon's Joint

Task Force for Computer Network Defense (JTF-CND), Bryan has the responsibility

and authority to address that challenge. The joint task force was created

in December 1998 to help protect defense networks from security breaches.

Many agree that Bryan took the reins at JTF-CND at a critical time: Technology

is changing rapidly, the threat to U.S. military networks is becoming increasingly

sophisticated and the Pentagon is considering merging the joint task force

with a network attack organization into one sub-unified command under U.S.

Space Command. If approved, the sub-command would house both the offensive

and defensive cyberwarfare missions.

Bryan said he's up to the challenge of being JTF-CND's commander. He is

a self-described people person who keeps a rock on his desk inscribed with

the word "TEAM," meaning "together everyone achieves more." He also challenges

people to excel, according to Phil Loranger, one of Bryan's co-workers

while he was the Army's vice director of information systems for command,

control, communications and computers.

"We used to talk to him before we talked to the boss, and we were telling

him all the evils that were out there, all of the threats and all of the

bad guys, and how easy it was for our systems to come down," he said. "One

day he gave me the eye, and he said, "If you're such a hot shot kind of

guy, and the threat is really that real, then show me.' What he was telling

us was to put something together so that we could educate the leadership,

so that they could visually see the threat and understand the vulnerabilities."

Bryan's most recent post as the Pacific Command's director for command,

control, communications and computers proved a valuable preparation for

his current position. He was doing for the Pacific theater what he now does

on a global basis — protecting networks from strategic level attacks, among

other things.

"As the Pacific Command J-6, I was concerned every day with how well our

telecommunications and computer networks were protected in the Pacific

theater, which covers 52 percent of the earth's service, 16 time zones of

concern," Bryan said.

The experience also taught Bryan to respect how much a small organization

like the JTF-CND can achieve. "We were amazed at how rapidly [JTF-CND]

became operationally effective and achieved great credibility with us. They

did such a good job, I thought they had to be bigger than they are," Bryan

said.

Still, much work lies ahead. Bryan hopes to offer the Pentagon a new

and improved JTF-CND that he dubs "CND Better." He wants to sound the alarm

faster in times of cyberattacks, in part by developing better intrusion-detection

procedures and devices. This includes technologies to determine whether

the department's firewalls are configured properly or if up-to-date virus

detection software has been installed.

CND Better includes ongoing moves to standardize tactics, techniques,

procedures and doctrine; improve intelligence gathering and analysis capabilities;

and improve the ability to continue operating while suffering network

attacks. Unplugging the network while under a denial-of-service attack,

Bryan said, only achieves the attacker's goal.

Remaining operationally effective while experiencing a cyberattack,

however, requires education, training and practice. "It bothers me still

that too often when we experience a denial-of- service attack, even if

it's just a nuisance kind of attack, that we've turned as an automatic response

to disconnecting from the threat," he said.

"In effect, if that was the threat's intent, we've just helped them

succeed," Bryan added. "We need to figure out and to train to...operate

in that environment without simply turning to that rather catastrophic course

of action."

Yet, Bryan said his authority to take the offensive on cyberattacks

"is very limited" at present. "I believe in this area the wisest course

of action is to pursue the policy and procedural issues at or ahead of the

pace of technological capabilities, because whether or not to use an attack

as an active defense measure or as a weapon system is a decision that needs

to be operationally defined at the national policy levels, first and foremost."

Bryan said that while he wants to defend DOD networks with every "prudent

technology and technique" available, "we have to accept the fact that the

boundaries are very clearly defined for us and that we're not in the business

of defining what those boundaries are." It's important "to be patient with

those who are defining what the boundaries and the procedures and the proper

authorities are," he said.