DISA director: Cyber threat forced new command to evolve on the fly

For Lt. Gen. Alan Lynn, director of the Defense Information Security Agency and commander of the Joint Force Headquarters Department of Defense Information Networks, or JFHQ-DODIN, who assumed both responsibilities in July, the ongoing cyber threat forced him to neglect his post at DISA for some time initially.

“My first three weeks in the job I never went to the headquarters – I was never at DISA headquarters cause I was wearing the other hat,” he told an audience at an event hosted by AFCEA’s D.C. chapter. “I was the commander of Joint Force Headquarters DODIN, and DISA had to wait.”

The headquarters opened with its initial operating capability in January. By September, it was “starting to take over the day-to-day functions assigned to U.S. Cyber Command in the area of operating and defending the networks,” DISA Vice Director Maj. Gen. Sarah Zabel said at the time. 

Lynn described how threats are evolving and becoming more persistent. One incident he pointed to was the breach of the Joint Chiefs email service in August. “What was surprising about this [incident] is it was a hit hard and hit fast and it was like – they made a lot of noise – normally they try to sneak in,” he explained.

Given this persistent and evolving threat, Lynn and his team have been forced from the get-go to define how the nascent command will function. “For three weeks we went after this cyber event and worked to figure out ‘how do we now work as a new command’—the Joint Force Headquarters DODIN—how do we work this? Because it’s still in its infancy, it’s IOC…but the enemy doesn’t know that—they want to attack now,” he said. “So we spent the first three weeks working with the Joint Staff, network people inside the Pentagon, and it was an exciting time but it was non-stop to make that network what it needed to be.”     

Lynn returned to a familiar analogy many in the cyber field use to describe the environment.  “Think about the Cold War, [except] it doesn’t cost [adversaries] that much to attack us. It costs money to fix it, it costs a lot of money to fix it. So if you’re looking at just chipping away at the United States and its infrastructure and its economy, what a neat way to do it—just a little at a time,” he said, describing the cyber threat as a long game.

Lynn’s comments harken back to something DOD CIO Terry Halverson said at a conference in September. “From a standpoint of cybersecurity, right now we’re on the wrong side of the financial spectrum here. We’re losing…The truth is, you can spend a little bit of money and a little bit of time and exploit some our weaknesses, and cause us to have to spend a lot of money, a lot of time,” he said. 

When asked who the most capable adversary in cyberspace, Lynn replied “we are,” but refused to offer the next most capable adversary when pressed. “I don’t want to go into that because if I do that then I tip my hand on who’s doing good and who’s not in that space and I don’t want to talk about that because I’m fighting them.”

Lynn did, however, provide a useful explanation of the different roles both outfits he oversees possess in cyberspace. He referred to DISA as the build side, creating the infrastructure for cyberspace. “They’re building the domain. Cyberspace is considered a domain – it’s no different than land, sea and air. … If you’re a land force you can change the land a little bit; air, not much change is happening there; sea, probably not a lot of change happening there. But cyber, we build it. So we’re the ones that build cyberspace…It’s the one domain we build.”

Once DISA is informed by the cyber side of vulnerabilities in the network, DISA will patch it to prevent bugs in the future. The folks on the cyber side of the house are fighting inside the network against those trying to get in, he said. DISA will then build another network moving everyone over from an infected network to a more secure network following thwarted intrusions by the cyber folks, or turn “that infected network into a honeypot and we give [adversaries] information that we want them to know,” he added.  “So it’s a game—spy vs. spy.”