Army cyber pros pitch in with network evaluation

The Army Cyber Command maintains a team of specialists to help review and test equipment for network vulnerabilities at the service's Network Integration Evaluation.

The mission of the Army’s Network Integration Evaluation (NIE) is to test new communications, software and networking equipment under field conditions before committing to building and deploying them across the entire service. But when all of that new gear is hooked up into an operational network, someone has to check it for vulnerabilities and its ability to interoperate with other systems.

That’s the job of the 1st Information Operations (IO) Command, a brigade-sized unit comprising two battalions that is part of Army Cyber Command. Since the launch of NIE in 2011, a team of personnel from the 1st IO has been an integral part of the process. The unit’s role in the event is to assess any potential vulnerabilities or threats to the network posed by the new technologies under evaluation when they are connected into the system. “We’re a niche brigade—there’s only one active duty brigade in the Army that does what we do,” Col. Glenn Connor, commander of the 1st IO Command, told Defense Systems

The 1st IO’s role is to monitor the entire network once all of the new systems are connected to it. The command’s team looks for connection and encryption vulnerabilities among other potential problems, said Lt. Col. Chris Quick, director of strategic communications at Army Cyber’s Strategic Initiatives Group.

The command’s first battalion is the unit most involved in the NIE. This unit’s mission is to find and assess vulnerabilities and then devise mitigations processes, procedures and recommendations to reduce risks to acceptable levels. There is no red-team work in the NIE to actively attack or undermine the network, the 1st IO’s role is purely for assessment at this point, Quick said. As the NIE progresses, the brigade may be given a different mission set, but for the moment it is responsible for assessment only, he said.

During the evaluation process, 1st IO personnel are positioned throughout the event to communicate with staff from the Army Evaluation and Test Command, System of Systems Integration Command, Office of the Assistant Secretary of the Army for Acquisition, Logistics, and Technology and the NIE staff—primarily its Network Integration Directorate, Connor said.

The evaluation teams also focus on the maneuver elements involved in the NIE. Mobile teams are embedded with the units testing gear in the field and also as staff communicating with the organizations involved for managing the event’s network. Members of the 1st IO staff include their assessments and observations into the daily update briefs generated at the end of each day that are sent to key officers and administrators. “The idea is, as we find things, to address them while they’re out there,” Connor said.

A great deal of information is exchanged before the evaluation even takes place, Connor said. Key areas such as the architecture, IP addresses, the IP range as well as all of the wireless systems are scanned and monitored. As the IP addresses come into the network, the 1st IO personnel first check to see if the network is running properly; for example, to determine if a system added to the network will cause it to crash or defeats certain operational needs.

“Getting the architecture right—getting all of those systems hooked up—is challenging. If there’s something that we can recommend to make that flow better, we do it on the fly,” Quick said.

If the staff detects any vulnerabilities or patches to vulnerabilities, it determines if those vulnerabilities conflict with any other systems in the overall network, Connor said. The goal of the process is to keep up a continual information flow between the soldiers testing the gear the 1st IO team and the contractors.

Assessments are conducted on a system-by-system basis followed by a formal assessment at the end of the event. The assessments are incorporated into the information assurance reports that are sent to the Army organizations responsible for approving equipment and software tested at the NIE, Connor said.

One area that Army Cyber is interested in examining is how Army policies affect soldiers on the ground trying to implement those requirements. The service’s information assurance policies are mature and plentiful, so seeing how they affect soldiers at the individual unit level trying to integrate them is a learning experience that is not seen outside of combat, Connor said.

While they do listen to soldier feedback and work with units, the team’s primary job is to spot technical vulnerabilities as the equipment is integrated in the field. The 1st IO personnel also provide insight into the physical security status of a device or software application and maintain a dialogue with the contractors. “You’ve got to be very selective with what you point out in the physical domain,” Connor said.