DOD's cyberspace defender
- By Dan Caterinicchia, Dan Caterinicchia
- Feb 09, 2003
As chief cyber defender of the Defense Department's networks, Maj. Gen. J. David Bryan understands better than most that the best offense is a good defense.
Bryan is commander of the U.S. Strategic Command's Joint Task Force-Computer Network Operations — a group responsible for defending all DOD networks from attack and initiating cyberattacks when instructed by the president or the secretary of Defense.
Bryan would not say whether or not the United States has ever initiated a cyberattack, but he did say that it's important to strike a balance between the organization's dual missions and the consequences of failing at either.
"Offensive [cyber] capabilities are important, and if they failed, we would be embarrassed, but the nation would not be at risk," said Bryan, who also serves as vice director of the Defense Information Systems Agency. "But if we fail on defense, the nation would be at risk... and we are an [information technology]-dependent nation."
The Joint Task Force-Computer Network Operations was formally established in April 2001 — replacing the Joint Task Force-Computer Network Defense — when it also assumed responsibility for computer network attacks. Coupled with the ongoing war on terrorism and the fluid nature of technology, that transition has forced Bryan to accept change as a part of his job and his life.
"One constant in life is change, and that characteristic applies here," he said.
The increasing sophistication of hackers requires the joint task force to remain focused on the day's top threats while also planning for the future, and that is reflected in Bryan's near-term priorities:
n Improving the ability to see intruders in real time and getting real-time attribution of their source IP.
n Seeing DOD networks in real time across the department's Global Information Grid.
n Coordinating an immediate response to intrusions with more timely and accurate reporting tools.
The global war on terrorism has increased the worldwide demands on the joint task force, and its ability to "support multiple combatant commanders has really been put to the test," he said.
Still, he is proud that in less than two years, the group took DOD's "stovepiped, unintegrated, non-deconflicted and largely theoretical [computer network attack capabilities] through the planning phases and into a new operational reality," he said. "We've gone from a lot of theoretical talk to presenting real options to the president and [Defense] secretary."
When it comes to defensive measures, Bryan said the joint task force's response to last month's Slammer worm, which exploited vulnerabilities in Microsoft Corp.'s SQL Server 2000 database software, was another successful real-world test.
DOD has about 3 million computers divided into about 12,000 enclaves, and each enclave typically has at least one SQL server. Of those, only about 200 servers were affected, thanks to the speedy response of Bryan's full-time watch staff, he said.
"We detected the activity at our gateways in less than 10 minutes," Bryan said. "Two years ago, that would have taken hours or days. The command duty officer was authorized to take actions to defend ourselves immediately...and within an hour, the situation was under control."
One of Bryan's pet projects is a network security tool called the Therminator, which is being developed by DOD, the National Security Agency and Lancope Inc. The tool produces a graphical representation of network traffic that allows information security workers to recognize the impact of cyberattacks in real time.
Bryan recently saw a demonstration of Therminator's beta software and was pleased with the results. With current network monitoring tools, "when you see the spike, you're already in trouble," but the Therminator can alert administrators before the increase in traffic occurs, Bryan said.
David Ford, the project's joint research coordinator, said the general has motivated him to remain in government work.
"He is inspiring to work for. One can sense that he truly cares about the guy on the battlefield trying to 'get the call through,' " Ford said. "I would never let him down."
Outside the office, Bryan's wife and three children take center stage. "My No. 1 priority is my family," he said. And now, Bryan said, his heart is with his oldest daughter, a newlywed whose husband is in an American tank battalion in Kuwait.
With Bryan watching over DOD's networks and his son-in-law positioned on the front lines, the nation's defenses are in good hands. n
The J. David Bryan file Title: Bryan is commander of the Joint Task Force-Computer Network Operations and vice director of the Defense Information Systems Agency. Education: Bachelor's degree in secondary education, Jacksonville State University; master's degree in adult education, North Carolina State University. Hobbies: Spending time with his wife and three children, working to start up a new church, playing guitar in a church musical group and golf. Quote: "This community of interest [in the Defense Department] is probably one of the most important and lowest visibility entities in the country. What gets me going every day are these wonderful people."