DOD's network defense to remain decentralized

Despite increasing attacks on its networks, the Defense Department will continue to protect them the way they do now — at least for the time being.

In the past eight years, DOD officials have debated whether to assume total control of the department's networks or let network operations units in the military's commands continue to hold that responsibility. However, DOD officials have decided that current technology and turf battles preclude the formation of a centralized organization dedicated to managing and defending DOD networks.

Units in the military's commands, services and agencies will continue to operate and defend their networks. And they will work collaboratively under the oversight of Strategic Command's (Stratcom) Joint Task Force for Global Network Operations (JTF-GNO), according to the new "Joint Concept of Operations for Global Information Grid NetOps" document.

"There is now better centralization of authority and planning with a decentralization of execution at the combatant commands, services and agencies," said Army Col. James Barrineau, JTF-GNO's director for strategy, plans, policy and international relations, in an interview last week. He oversaw development of the document, which updates one issued last year and describes how DOD will operate and defend the GIG.

Barrineau said the 65-page document, which he described as more than a white paper but not quite military doctrine, achieves three goals for better operating and defending the GIG. First, it creates a better command structure, or unity of effort. Second, it provides for better communication on problems and threats, or common situational awareness. And finally, it enhances the performance of networks and their administrators, thereby enabling net-centricity.

DOD has debated for years how best to protect the GIG, Barrineau said. Some experts have proposed a new hierarchical approach in which the military has a single organization that operates and defends all of its networks. Others, however, support the current collaborative arrangement in which units in the military services manage and guard networks.

The technology does not exist to centrally operate and defend the GIG, he said. "It is impossible to effectively operate and defend the GIG from one centralized headquarters," the document states.

Although DOD lacks consensus on the idea of the department assuming total control of its networks, Barrineau said, support for the concept is increasing.

Mike Mullins, a consultant at Camber and former director of operations and security at an Army network operations center, said DOD made the right decision on how best to protect its networks for now. "We've struggled for years with trying to establish a network command," he said. "Local commanders will never cede their authority, and they're not supposed to."

Mullins agreed that the technology does not exist to centrally operate and defend the GIG because of interoperability issues.

Marine Corps Gen. James Cartwright, Stratcom commander, approved the new document in August. He sent it to leaders in the Pentagon, the military and DOD agencies.

"Our understanding of [network operations] and net-centric operations and warfare is still in its infancy," Cartwright wrote in the memo attached to the document.

An official at the Army's Network Enterprise Technology Command, the unit that operates and defends the service's networks, said network operations represent a core competency for the unit.

"The objectives and end state of [network operations] is to put into place an enterprise architecture solution across the entirety of LandWarNet, in synchronicity with JTF-GNO, the Defense Information Systems Agency and Strategic Command, and keep it current through updates of the Army Enterprise NetOps Integrated Architecture," said the official who requested anonymity. LandWarNet refers to the networks the Army contributes to the GIG.

Former military and industry officials have attributed recent attacks on DOD's networks primarily to Chinese cyber spies, crime gangs and thrill-seeking hackers. The department reported 40,076 incidents in 2001, 43,086 in 2002, 54,688 in 2003 and 74,053 in 2004.