Military to fortify nets

DOD Instruction 8551.1, "Ports, Protocols, and Services Management

DENVER — In December, the military's top cyberwarrior will unveil a plan for involving officials from the military, Defense Department agencies and unified combatant commands in a new organization that oversees DOD networks.

More importantly, the plan for expanded participation in the Joint Task Force-Global Network Operations (JTF-GNO) will provide new structure and discipline for managing and defending military networks, said Air Force Lt. Gen. Harry Raduege, commander of JTF-GNO. Raduege spoke here last week at the Government Symposium on Intelligence, Surveillance and Reconnaissance Transformation.

During the past three years, JTF-GNO officials have reported increases in attempted intrusions into military networks. The number of attempts grew from 40,076 in 2001 to 43,086 in 2002 and 54,488 in 2003. As of June, 24,745 such attacks had been reported this year alone. "There are intrusion attempts against [DOD] networks happening all the time," Raduege said.

JTF-GNO operations center officials work 24 hours a day to protect DOD networks. The center, which coordinates global network operations, uses gateway blocking of suspected hostile IP packets. "Our defenses are strong," Raduege said.

Tim Madden, a task force spokesman, said JTF-GNO does not use newer network-defense technologies, such as mobile agents that scour the routers that link computer networks. Survey probes can scan network data for clues about ongoing or attempted intrusions. Beaconing and tagging programs can detect suspicious activity in data packets and trace their origins.

Retired Army Maj. Gen. Dave Bryan, who served as commander of the Joint Task Force-Computer Network Operations — the organization that preceded JTF-GNO — often discussed such technologies.

Raduege's plan to improve structure and discipline within JTF-GNO follows several policies and directives calling for strengthening the military's cyberdefenses. This summer, officials at DOD's Office of the Chief Information Officer and officials at the Defense Information Systems Agency and the National Security Agency issued a draft document on securing networks, a directive on computer security training and new policies for acquiring information assurance products.

The latter document, DOD Instruction 8551.1, "Ports, Protocols and Services Management," released Aug. 13, requires an assessment of all ports, protocols and services on military networks. Bob Gorrie, director of the Defensewide Information Assurance Program, said the department needs a policy for managing network ports because of the size and number of computer networks it operates.