DISA increasing its role in the cyber fight

Agency officials describe the advantages of software-defined networks and their role in "hunting" the enemy.

The Defense Information Systems Agency is continuing to play an increasingly important role in the U.S. fight in cyberspace.

“Our marriage to Cyber Command is beginning to expand,” Tony Montemarano, executive deputy director of DISA, told an audience at a Tuesday breakfast hosted by AFCEA’s DC chapter. “We have the Joint Force Headquarters with us and I will tell…their role is expanding,” he said, referring to DISA’s Joint Force Headquarters-Department of Defense Information Networks, or JFHQ-DODIN, which reached initial operational capacity in January of 2015. The headquarters is described as Cyber Command’s operational arm responsible for directing global DODIN operations.

“Where DISA is responsible for the infrastructure we’ve deployed, the Joint Force Headquarters is responsible for every other infrastructure that’s either connected to the DISA infrastructure or beyond – the DODIN as a whole…That’s what it’s focused on,” Montemarano said. “And our expanded role quite frankly is from a resourcing perspective.” 

“We’re in the fight everyday – the threat is real,” John Hickey, DISA’s cyber security authorizing official, at the event. “What we’re focused on is, what is that current threat, what is that threat going to evolve to so when they talk to the SDN [software defined network]? I’m interested in SDN from the ability to move around what I call the information battlefield to execute and stay ahead of the enemy and put up systems and take them down and move them and – just like you would on a modern battlefield.” 

A software-defined network can present adversaries with a moving target, something Lt. Gen. Alan Lynn, DISA’s director and the commander of JFHQ-DODIN, has previously said he’d like to achieve. “Imagine networks that would spin up, drop, spin up and drop, and now you’re an adversary trying to get into a network that just dropped,” he said during an event in November. It’s hard to launch persistent attacks on a “software defined network that’s changing all the time… So I want to get to that point where we’re developing something that’s really hard to attack.”

Hickey also described at Tuesday’s breakfast how cyber protection teams are beginning to hunt the enemy in cyberspace. “The biggest change both in DOD and the commercial world … is we’re going out and hunting for the enemy on a daily basis. So we have teams that are looking at that – cyber protection teams,” he said.  However, given the security nature of the mission, Hickey declined to elaborate on the “hunt mission.”  “So we don’t really talk about where we’re hunting, obviously, we don’t even tell the people on the inside where we’re necessarily hunting things and we’re certainly not going to tell the folks on the outside, right?” he told Defense Systems following the panel discussion. 

The Army recently, through an innovative acquisition approach, awarded next-generation prototype kits to support its Cyber Protection Teams. The Army said the kits will be used to inform specifications prior to fielding decisions and broader procurement.

Despite this seemingly aggressive posture, Montemarano said DISA is not in the business of offensive cyber. “We are strictly operations and defense,” he said.  

And in spite of DISA’s growing cyber role, Montemarano said a shrinking budget was hindrance. “The budget is getting worse and worse…We in the IT community are competing with jet planes, carriers and tanks and we have to come to grips with that.”