Protecting Electronic Borders

STOP NOW. You are an intruder on an Army computer system patrolled by the Army Computer Emergency Response Team. Leave this site NOW.


By Master Sgt. Joan Fischer

     Information dominance took a giant leap into the future March 17, when the United States Army Intelligence and Security Command ceremoniously opened the Army Computer Emergency Response Team Coordination Center at Fort Belvoir, Va.
     Its mission is to re-write the books on how the Army handles the newest threat in the field manuals — computer hackers.
     The team, also known as ACERT/CC, is the newest division to be formed under the two-year old Land Information Warfare Activity led by Col. Halbert F. Stevens. It’s chartered with the responsibility of detecting, tracking and reporting computer attacks against Army computer networks.
     LIWA received the mission in February 1996 to form the response team. A year later, under the guidance of INSCOM Commander Brig. Gen. John. D. Thomas Jr., the ribbon-cutting ceremony signaled the command’s readiness to take on the challenging goals of command and control protect (C2 protect) operations in support of the Army.
     "It’s an element whose time has come," said Lt. Gen. (Ret.) Paul E. Menoher Jr., former deputy chief of staff for intelligence. "C2 protection of information assurance is absolutely critical."
     Future plans include regional computer emergency response teams, called RCERTs, which will be located around the world. One regional team is already operational in Europe. ACERT/CC is currently operational Monday through Friday, 12-hours a day. Eventually, it will be operational 24-hours a day.
     ACERT/CC is a joint venture among the information operations triad of the Department of the Army’s Deputy Chief of Staff for Operations, Deputy Chief of Staff for Intelligence, and the Joint Chief of Staff’s Director for Command, Control, Communications and Computers (DISC4). The ACERT/CC role is two-fold: help the Army identify computer systems vulnerabilities and prevent hackers from accessing those same systems by exploiting those vulnerabilities.
     Set-up to operate under the INSCOM umbrella, ACERT/CC receives missions from the Department of Army, Deputy Chief of Staff for Operations and assistance requests from any Army command. According to Lt. Col. Bob Vrtis, the Land Information Warfare Activity’s chief of information assurance, ACERT/CC prioritizes the incoming requests for assistance, however the Department of the Army’s deputy chief of staff for operations can direct their priorities.
     A hacker demonstration was conducted as part of the ribbon-cutting ceremony. An ACERT/CC computer security expert conducted the demonstration, saying that you have to "think like a hacker and try to break into a system." For example, if an Army organization requests the team’s assistance in checking out its vulnerabilities, a team member can sit at a computer terminal and attempt to break in from the remote site — much like a real-world hacker.
     The goal is to access the "target" and gain system administrator’s privileges, then erase all electronic record of the contact. In the case of a malicious hacker, the goal might be to alter files, delete information, or replace an Internet web site.
     While the team can diagnose such vulnerabilities long-range, Vrtis said you lose a lot by this process. "What you miss is the hands-on approach of providing personal attention and training to the systems administrator," he said. ACERT/CC sends out forward support teams to various sites on request.
     ACERT/CC is also the first-line of defense in tracking down computer hackers whether it is a teenage hacker trying out his or her skills on a military target, or a person attempting espionage. ACERT/CC’s main thrust is to deter outside intrusion into the Army’s systems.
     "Deter is the key piece and focus of what ACERT/CC is all about," said Stevens.
     "Whatever else it is, ACERT/CC is not a police activity." Stevens said ACERT/CC’s role is to determine if there is a hacker, and then use the established notification process to report and coordinate responses, such as in the case of any other potential crime.
     Barbara Schalestock, ACERT/CC chief, said that depending upon the incident, it could be reported to USA Criminal Investigation Command or another appropriate Army activity. She has been involved in writing those reporting procedures while forming ACERT/CC’s nucleus.
     Schalestock visited other agencies, including the Navy and Air Force, both of which had previously formed emergency response teams to address computer security issues. She was able to draw from the other services’ experiences, along with Defense Information Systems Agency, to focus the ACERT/CC mission.
     She said the ground work is established for getting operational procedures in place and formalized. The ACERT/ CC staffing is another on-going challenge. ACERT/CC is currently staffed with a mix of contractors, Department of the Army civilians and military. Stevens said that resources are being reallocated from existing entities within the Department of Defense, which will enable the ACERT/CC to grow to its target strength of about 20 people.
     Educating the rest of the Army about a new system or organization is part of the evolution process. Plans call for a web site on the Army homepage featuring information about ACERT/CC services.
     Vrtis said they intend to be proactive on notifying their "customers" about vulnerabilities by forming a service database and "Email" notices to consumers. The team will also provide LAN managers with the software tools they need to combat attacks.
     Rapidly changing capabilities further blur areas of responsibility among the various agencies in a joint environment. ACERT/CC provides valuable support to the operational side of the military.
     "Information operations is a combat multiplier..." said Maj. Gen. David L. Grange, director of operations, readiness and mobilization, deputy chief of staff for operations, at the ribbon-cutting ceremony. "It is critical for the survival of the Army. Information dominance is the Achilles’ heel." Grange added that he is convinced the Land Information Warfare Activity’s forward support teams have prevented further conflict in recent areas of operations.
     Stevens said that the ACERT/CC’s primary focus is to support the land component commander. In these days of joint missions, he added that it is difficult to draw the line for areas of responsibility.
     "It depends on who gets tasked with the mission," said Stevens. "If the Army gets the lead, then (they will) coordinate with the other players."
     Many decisions are yet to be made. Meanwhile, Vrtis and Schalestock are charged with forging ahead — drawing a road map to the future.
     "We play it by ear," Schalestock said. "There’s no (predetermined) path to take."

ACERT HOT LINE

Army Computer Emergency Response Team Coordination Center, call 1-888-203-6332 toll free
from the United States or
DSN 312-235-1113
from overseas military phones.

     Master Sgt. Joan Fischer is the NCOIC, Public Affairs Office, U.S. Army Intelligence and Security Command at Fort Belvoir, Va.

 


Go to Journal Contents

   Last Updated: May 29, 1997