Keeping Air Force Secrets Secret
By Master Sgt. Daryl Mayer, Electronic Systems Center Public Affairs, June 21, 2000.
Hanscom Air Force Base, Mass. (AFPN) -- Imagine if you told an F-16 Fighting Falcon pilot to attack a target 550 miles away, and then learned the plane's maximum range was only 500 miles.
Or suppose you ordered a C-5 to deliver cargo to an airport where the runway was too short for the plane to land.
Couldn't happen? Well, the Air Force isn't taking any chances.
When the software detects a predetermined event it sends an alert message to the system administrator. If an actual attack or penetration is suspected, the system administrator can instantly secure the network with a single mouse click.
Today's mission planners use the Global Command and Control System, a computer application that is run on a Department of Defense secure network, to plan missions and issue air tasking orders, according to Capt. John Casebolt, GCCS engineer for Electronic Systems Center Command and Control Centers and Applications Product Area Directorate. This system ensures that units aren't asked to do two missions at the same time or given jobs that are impossible to complete.
But can you imagine if a hacker broke into the system and made a few subtle changes? What if he added an extra 10 percent to the maximum range of an F-16? Or how about changing a C-5's needed landing distance from 1,493 meters into 1,493 feet?
The results could be catastrophic.
The Computer Misuse Detection System collects a wide variety of information and presents it in easy-to-read formats, such as the Behavior Bar Graph shown above.
The Computer Misuse Detection System uses a simple graphic user interface as a starting point for all activities.
And that is exactly why the directorate, which is a division of the Defense Information Infrastructure Systems Program Office, is working to add even more beef to an already secure network.
"In recent years there have been enough incidents to give the Joint Chiefs of Staff pause," said Casebolt.
Rather than take any chances, "intrusion detection software installation has been mandated by the Joint Staff in order to provide a secure environment for our command and control customers," said Lt. Col. Howard Gans, GCCS program manager.
Instead of spending valuable resources developing a security program from the ground up, the directorate sought an existing solution from the vast commercial network security market.
The answer was the Computer Misuse Detection System, a product developed by Intrusion.com, a company based in Richardson, Texas.
"This is a perfect example of a commercial off the shelf product being used for military applications," said Tech. Sgt. Tim Craig, GCCS information systems security officer.
To date, the program has been purchased and is being successfully used by several other government and industry customers, according to Davee Webb, who works at Intrusion.com's Security Division in San Diego, Calif.
Unlike an anti-virus program, which looks for known pieces of malicious computer code, CMDS is designed to detect someone trying to break into or otherwise misuse the system.
"CMDS collects audit records and parses them into readable network reports," said Craig. "These reports can be used to get an overview on potential attacks against the system by an inside or outside threat."
Once the program is running on the system, it starts watching for certain indicators of an attack. "It tells you what are the most critical events," said Webb.
When one of these events is detected, the software flags the activity and issues a warning to the network administrators.
"CMDS gives us the ability to see not only unknown folks trying to come in, but also detect unusual activities by known users," said Casebolt.
This is an important fact considering the current growth rate of the secure network. As more and more tasks are automated, more people find the need to access the network.
"The user community is growing. Right now, it's fairly easy to track user activity but over time that will get worse," said Master Sgt. Tony Collins, an Air National Guard systems administrator assigned to the 186th Air Refueling Wing at Key Field in Meridian, Miss. "CMDS makes tracking that activity manageable."
"You can actually profile what a specific user is doing," said Craig.
Because the GCCS operates on a secure network, watching for attacks from within is particularly important.
"Since it is a classified system, you (potential intruders) would need some inside help to get in," said Casebolt. This help could come in the form of poor entry control procedures into secure areas or improper password control.
Recent events such as the theft of a laptop loaded with classified information from a State Department conference room highlight the need for security.
"Even if someone could gain access to a terminal and somehow steal a password, CMDS will record the location, every action taken and sound the alarm so network administrators can shut that system down," said Casebolt.
"It can tell if someone who is supposed to be away on leave tries to log on to the system," said Craig. Network administrators can then investigate the cause of the unusual activity.
"It could be that either the person's account or that individual has been compromised," said Casebolt. "At that point, we can come in and take appropriate action, such as shutting off the account if necessary."
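The two checks described above, a logon by someone who is supposed to be on leave and activity that departs from a user's profile, can be sketched over audit records. This is an added example, not CMDS code and not part of the original article; the record format, user names, terminal names and leave roster are all constructed for illustration.

```python
from collections import defaultdict
from datetime import date, datetime

# Constructed audit records: timestamp, user, terminal, action.
# This is an assumed format, not a real CMDS or GCCS audit layout.
AUDIT_LOG = """\
2000-06-12T08:02:11 jsmith term-04 LOGIN_OK
2000-06-12T08:05:40 jsmith term-04 FILE_READ
2000-06-13T07:58:03 jsmith term-04 LOGIN_OK
2000-06-13T09:14:27 rlee term-11 LOGIN_OK
2000-06-14T02:31:09 rlee term-02 LOGIN_OK
2000-06-14T02:33:50 rlee term-02 FILE_WRITE
2000-06-15T10:20:00 jsmith term-04 LOGIN_OK
2000-06-16T23:47:15 mdavis term-07 LOGIN_OK
"""

# Hypothetical leave roster: user -> (first day, last day), inclusive.
LEAVE = {"mdavis": (date(2000, 6, 12), date(2000, 6, 23))}


def parse(line):
    """Split one audit line into (datetime, user, terminal, action)."""
    ts, user, terminal, action = line.split()
    return datetime.fromisoformat(ts), user, terminal, action


def detect(log_text, leave, baseline_end):
    """Learn each user's usual terminals up to baseline_end, then flag
    on-leave logons (always) and later logons from unfamiliar terminals."""
    profile = defaultdict(set)  # user -> terminals seen during the baseline
    alerts = []
    for ts, user, terminal, action in map(parse, log_text.splitlines()):
        if action != "LOGIN_OK":
            continue
        if user in leave and leave[user][0] <= ts.date() <= leave[user][1]:
            alerts.append((user, "logon while on leave"))
        if ts.date() <= baseline_end:
            profile[user].add(terminal)  # still building the profile
        elif terminal not in profile.get(user, set()):
            alerts.append((user, f"unfamiliar terminal {terminal}"))
    return alerts


if __name__ == "__main__":
    for user, reason in detect(AUDIT_LOG, LEAVE, date(2000, 6, 13)):
        print(f"ALERT {user}: {reason}")
```
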
Once the CMDS software was selected, the directorate took on the monumental task of getting it accredited. "We've spent a lot of time to ensure it would work with all our hardware and software, and that it was DII-COE (Defense Information Infrastructure and Common Operating Environment) compliant," said Casebolt. "Now we're going for an Air Force level accreditation."
"It has passed compliance testing and the accreditation package is being reviewed by the Air Staff," said Craig.
In the meantime, the directorate has been working along with company representatives from Intrusion.com to get the software operational worldwide.
On recent trips to Ramstein Air Base, Germany and Hickam Air Force Base, Hawaii, the company representatives trained system administrators and security managers for both USAFE and PACAF. "We even brought installers with us so when we left it was up and running," said Ralph Osofsky, GCCS logistics and training manager.
In a class held recently, they trained representatives from the six National Guard regions and the National Guard headquarters in Washington D.C. When the training was completed, each member was issued the CMDS software to install on their systems.
"Overall, we've trained about 70 system administrators and security managers," said Osofsky. The training necessary to implement the software across the Air Force should soon be complete.
Bringing this software online is the equivalent of having a digital watchdog sitting on the perimeter of the network, ensuring that when air planners use the GCCS to issue orders to put bombs on target, they send the right planes to the right place at the right time.