Air Force goes on net security offensive

WASHINGTON, D.C. - The U.S. Air Force is adding firepower to its network defenses by increasing intrusion-detection measures at dozens of bases around the country as the threat of cyberattacks escalates in the post-Sept. 11 age of terrorism.

To secure the military's phone lines from unauthorized use and prevent hackers from breaking into data networks by modem-based "war dialing," the Air Force is installing SecureLogix's Enterprise Telephony Management (ETM) suite at every base in the country. It has added Battelle's network attack visualization tool to get a bird's-eye view of attempted attacks from the Internet. These are just two such projects among many.

"Intrusion-detection systems are now mandatory," says Lt. Gen. Jack Woodward, a top gun who has led the process of "Webifying" applications that the Air Force uses, while finding ways to shield data that's put at higher risk with open systems. The Air Force employs 350,000 military personnel and 145,000 civilian personnel around the world, all of whom may make use of the Internet; the switched voice, data and video networks that the Defense Information Systems Agency (DISA) maintains; or secured private IP networks.

The military is concerned that network-based attacks, a perennial problem from the Internet, may be growing in severity. In late March, unknown hackers, apparently from outside the U.S., tried to break into the network at Wright-Patterson Air Force Base in Ohio. They made 125,000 attempts to do so in a matter of hours, according to officials there, in what may have been an attempted denial-of-service attack.

The base is home to the Air Force Material Command headquarters, the National Air Intelligence Center, research laboratories and the program office for the B-2 Stealth bomber, F-22 Stealth fighter and other weapons systems - plus a government supercomputer center.

Team effort

Based at the Pentagon as deputy chief of staff for communications and IT, Woodward gets lots of help in determining protective measures. Key assistance often comes from the Air Force Information Warfare Battlelabs, of which there are seven in the U.S.

These aren't research and development labs, but military-run organizations scouting out the best ways to do everything from radar and electronic warfare to psychological operations. The two "battlelabs" with the most focus on software, hardware and telecom are said to be at Lackland Air Force Base in Texas and Hurlburt Field Air Force Base in Florida.

Staff working at these battlelabs review off-the-shelf software and run operational pilots at Air Force bases before large-scale purchases are made for anything from collaboration software to intrusion-detection systems.

Lt. Col. Glenn James, who works with a team of about two dozen staff at the Lackland Information Warfare Battlelab, says he usually can just pick up the phone and call the Pentagon to notify Woodward when something interesting is in the works.

"Our folks demonstrate new things and try them out to prove their value before the military spends millions on it," James says.

One recent project that passed through battlelab inspection and is making it to full deployment in the Air Force, although not the entire military, is SecureLogix's ETM.

The Air Force is spending $8 million on ETM products, which include the TeleWall Firewall for putting restrictions on inbound and outbound telecom communications. ETM was first put into an operational test a year ago at Peterson Air Force Base and Schriever Air Force Base, both in Colorado, with help from the Lackland battlelab.

Woodward says he now wants every Air Force base to use ETM to protect telecom systems by monitoring and, when needed, blocking inbound or outbound calls. "We're focusing on operational threat reduction," he says. "This is the Air Force concept of defensive depth."

The Air Force calls the deployment its Telecommunications Firewall Initiative, which is expected to be largely complete by year-end.

Test, test and test again

Woodward adds that the Air Force not only relies on the battlelabs for assistance, but also requires software and hardware to pass technical integration tests done at Scott Air Force Base in Belleview, Ill., to ensure new equipment will work with the installed base.

"It's an enterprise approach," Woodward says, with new gear expected to win the Air Force "certificate of net-worthiness."

The SecureLogix TeleWall also has received the internationally recognized Common Criteria certification to assure that software works properly and has no known security holes.

There are other important product-review labs in the military, such as the Joint Interoperability Test Command, overseen by DISA, to which vendors must sometimes submit their products for review before purchase.

Does the military try to coordinate any of these product reviews among the Air Force, Navy and Army? Not formally, but "we all share with each other what we do," Woodward says. "And we're doing more dramatic preplanning, especially as we go to war."