
What a big Navy breach taught the Army


Lt. Gen. Edward Cardon learned some important lessons when the Navy booted Iranian hackers off its network.

A Navy operation that began in August 2013 to drive Iranian hackers from the unclassified portion of the service's intranet has had a lasting impact on the Navy's approach to network security. And it turns out the Army was paying close attention to how its seafaring brethren handled the intrusion.

The most important lesson that Lt. Gen. Edward Cardon, head of Army Cyber Command, took from the Navy's eviction of hackers from its network is that cybersecurity is "an operational mission" and not just an IT issue, he said.

"If you come at things from an IT focus, you're going to lose," Cardon said during a Nov. 10 media briefing. "I'm not saying that the J-6s, CIOs of the world do not have a critically important role," but their focus is on making communications work rather than making them trusted and defensible.

When asked to name a revelatory moment that shaped the Army's approach to cybersecurity, Cardon said it was Operation Rolling Tide, the Navy's first defensive cybersecurity operation to be given a name. It lasted three to four months and involved the Navy Fleet Cyber Command, the National Security Agency and the Defense Information Systems Agency.

Cardon and his fellow cybersecurity experts in the Army closely followed the operation.

"Everything they're doing, we're looking at our network the same way," which leads to the discovery of vulnerabilities, said Cardon, who took over Army Cyber Command when Operation Rolling Tide was underway.

The Naval Network Warfare Command took the lead in conducting operations to evict the hackers, while teams at the Navy Information Operations Command in Norfolk, Va., were dispatched to "hunt on the networks" for the intruders, a defense official previously told FCW.

Cardon has his own stable of network hunters -- the 41 cyber teams that his command is creating, totaling 1,899 people. Today, 30 of the teams are at initial operational capability (IOC) or better, with all teams slated to be there by the end of the fiscal year, Cardon said.

Two of the teams are currently at full operational capability (FOC), which Cardon said means an ability to do multiple missions or one mission around the clock. He said he hopes to accelerate that number to 25 teams by the end of the fiscal year.

Cardon mused about the usefulness of distinguishing between those capabilities. "Right now we talk in terms of IOC and FOC," he said. "But, for example, when I was a brigade combat team commander, nobody ever asked me, 'Are you IOC or FOC?' What they asked me was, 'What's your readiness?' And so what's happening [is] the Department of Defense is moving the cyber mission force into the traditional readiness models."

With prodding by Congress, DOD officials are fleshing out the department's cyber deterrence doctrine. How that shakes out could affect how Cardon allocates his cyber teams, he said.

The Army hasn't bared all about a sophisticated intrusion like the Navy did with the Iranian hack of the Navy Marine Corps Intranet. Whether that is because Army networks haven't been hit by that kind of breach or because the service hasn't disclosed it is an open question. Hackers linked to Syrian President Bashar al-Assad claimed responsibility for knocking Army.mil off-line, but that was an act of disruption, not espionage.

About the Author

Sean Lyngaas is a former FCW staff writer.
