By Ben Gonzales (Army Materiel Command)October 24, 2016
REDSTONE ARSENAL, Ala. -- Threats from cyberspace are real, consistent and evolving. In a presidential proclamation, President Obama called cyber threats one of the gravest national security dangers faced by the United States.
With the increasing number of cyber attacks on Department of Defense networks, Army Materiel Command leaders have taken note. October is National Cyber Security Awareness Month, and AMC officials encourage that vigilance and protection are relevant today and every day.
Leading the effort to operationalize cyberspace throughout AMC is Dr. Dawn Dunkerley. As the command Cyber Division chief, Dunkerley advises AMC leaders what they need to be aware of while also striving to keep the entire 64,000-command workforce fully knowledgeable of the requirement for cyber resiliency.
The Army Chief of Staff foreshadows cyber as the next domain of battle, and warned how serious the threat could be to the Army and nation.
"The first shots of the next actual war will likely be fired in cyberspace, and likely with devastating effect," said Gen. Mark A. Milley in early October. "Many analysts and senior government officials have said their greatest fear is a cyber Pearl Harbor. Very serious cyber capability right now is being developed and deployed by major nation states, some of them not our friends. It is entirely possible to inflict widespread damage on a country's economy and military through cyber attacks."
There are 43,000 attempted network intrusions blocked every day on Army computer systems. AMC is combatting the cyber threat by working with commanders as well as with each employee using a computer. Cyber has been identified as the newest warfighting domain, Dunkerley said.
"We have active threats against AMC and the Army from both nation state and non-nation state actors who are growing in their cyber maturity on a daily basis, and they are also working to learn how to utilize cyberspace to their benefit," she said.
Today, networks are a warfighting platform and force multiplier for commanders. Operationalizing cyberspace enables maneuver commanders to fight and win in the information environment in the same way the Army faces threats in the ground, air, sea and space domains.
Cyber is not just individual desktop computers, Dunkerley said, but also the Army's Organic Industrial Base.
"Throughout AMC there are production lines that are powering our OIBs, and many of those have cyber components that we have to be concerned about. The impact of losing any production line would be severe to AMC and the Army," she noted.
Fundamentally, operationalizing cyber gives commanders the visibility, actionable intelligence and the ability to make better decisions in and through cyberspace.
"It's AMC's job to give commanders understanding of cyber threats and vulnerabilities," said Dunkerley. "That's what operationalizing cyberspace is all about. It's putting information in operational channels and making it commanders' business, and helping commanders understand the risks associated with those systems."
For more than four years, AMC officials worked to develop a Cyber Mission Assurance Plan. This is the command's campaign plan for cyber, and it is a foundational document to push AMC above the Army baseline activities of information assurance and cyber resiliency.
To get ahead of the threat, AMC officials developed four lines of effort outlined in the Cyber Mission Assurance Plan: operationalize cyber in AMC, strengthen cyber defenses, cultivate cyber workforce, and cyber technological overmatch. As a forward-looking plan to guide the command, the AMC mission assurance plan is synchronized with the Army's strategic planning guidance while tailored to ensure the command can accomplish its "develop, deploy and sustain" mission. AMC's cyber activities are embedded with the Army's plan and operations.
The end state for the AMC mission assurance plan is not cyber security; it is resiliency, Dunkerley said.
"No one person or organization can ever be 100 percent cyber secure," she said. "The environment is too complex, and changes too rapidly. Our goal is to get ahead of cyber threats and drastically increase AMC cyber resiliency."
With a complex operational environment and a wide range of missions throughout AMC, command officials work in partnership with Army Cyber Command and across the intelligence community to come up with mitigating actions toward known risks. AMC also looks outside of DOD at best practices from industry and academia on ways to adapt cyber processes.
Within AMC, organizations are developing cyber security systems related to material development including officials from Communications-Electronics Command, Communications-Electronics Research, Development and Engineering Center, and Research, Development and Engineering Command. In addition, Cyber Engineering Center officials at the Aviation and Missile Research, Development and Engineering Center work extensively with cyber protection teams on aviation and missile cyber analysis.
"Units across AMC are looking at how we bake cyber security in and not bolt it on," Dunkerley said. "Maj. Gen. Bruce Crawford, the CECOM commanding general, is leading the charge to improve our software code across the Army as well. That is crucial because you have code inside weapon systems and code inside industrial bases."
But combating cyber activities is not solely the responsibility of commanders or organizational leaders, Dunkerley said. Safeguarding the cyber terrain begins with each individual computer user.
"We have to educate the workforce and make them aware of the threat," Dunkerley said. "Everyone must be an active partner in our cyber efforts. Every employee using a desktop computer is entering into a congested and contested cyber environment. Everyone's activities are either improving our cyber security posture or harming it."
Websites browsed and unfamiliar emails with attachments can impact the Army's cyber security. The threat is real even if the vulnerabilities may seem harmless.
"The individual user is one of our most important defenses," Dunkerley said. "Spearfishing is something we see regularly, which is very damaging if not caught. Users every day get emails with malicious files or links that attempt to implant into a computer system. The best way to approach things is through a layered defense that includes improving our processes and improving users' awareness so they know that they should be suspicious of certain emails."
Sometimes ensuring cyber security is as easy as calling a person to ask if they sent an email before opening a suspicious email. These may seem dull and redundant, but all it takes is one corrupt email to cause significant damage.
"Improving our cyber hygiene encompasses everything from defending against spearfishing attacks, not clicking on unknown or suspicious emails, or by keeping individual social media accounts free of information that might be dangerous to you, the command and the Army," Dunkerley added. "Having a daily cyber hygiene is absolutely critical to the success of our command."
During National Cyber Security Awareness Month and always, Dunkerley encourages the AMC workforce to be cyber aware.