March 01, 2001, 12:47 PM — Mark Sachs, a U.S. Army major with battlefield network engineering experience, explains his newest mission this way: "We understand that one of the commodities we have to move is information -- not just fuel, equipment and soldiers. That information movement requires an infrastructure. And security of the information inside that infrastructure is a big concern."
At the end of 1999, Sachs became an operations analyst at the newly organized Joint Task Force for Computer Network Defense in Arlington, Va., an assignment given to him just after he finished government-sponsored graduate school at the University of Texas at Austin.
Washington is the nerve center for those U.S. military networks put into the task force's care: the Army, Navy, Marine Corps, Air Force and a dozen other agencies, such as the National Security Agency, Defense Finance and Accounting Service, Defense Logistics Agency and Defense Information Systems Agency (the Department of Defense's backbone support network). In essence, the Computer Network Defense task force has been charged with protecting more than 3.5 million DOD computers.
Sachs works the analytical side of the task force. The other side is the watch team. The watch team monitors DOD computers for problems, abnormalities and intrusions both within and outside DOD networks -- such as the distributed denial-of-service (DDOS) attacks that took down the Web sites of Yahoo Inc., Amazon.com Inc. and eBay Inc. early last year. "We observed the DDOS activity hour by hour, because if a problem arises somewhere else on the Internet, it may eventually affect us," Sachs says.
While the watch group gathers data from its network traffic, outside commercial emergency advisories and news reports, the analysis team to which Sachs belongs is tasked with figuring out what to do with that information.
"If the watch reports something wrong -- an intrusion or whatever -- we then make an assessment of whether there is or isn't an operational impact on the Department of Defense," Sachs explains.
Sachs hasn't been on the job long enough to chase down any serious attack on DOD systems yet. But Mark Duck has. As an early information warrior in 1994, Duck took a job as network manager at Air Force Research Laboratory, known then as Rome Labs, in Rome, N.Y. In so doing, he stepped right into an attack on the Air Force Research Lab network.
Duck noticed that several of the lab's servers had been compromised at root level, and he made a phone call that helped launch the biggest compputer crime investigation in military history. It spread to more than 100 downstream computers, including Air Force contracting agencies, NASA's Jet Propulsion Laboratory and even the South Korean Atomic Research Institute.
"I'm the first line of defense," says Duck, who's now IT enterprise director at the Air Force Research Laboratory at Kirtland Air Force Base in New Mexico. As such, he blocks and tracks numerous attacks on the lab's network. Duck also spends a lot of time on employee education. "A week after a tutorial on e-mail viruses, I embedded a virus in JavaScript and sent it anonymously to our 1,200 users." he says. "The virus secretly redirected those who click the attachment to 'MyEvilWebSite.com,' which had a note reminding them they shouldn't open unsolicited attachments. Within seven minutes, 154 of my users had been registered at that site."
The exciting work and ability to learn new skills has kept Duck in military civil service for almost seven years and has kept Sachs enlisted for almost 20 years. But both plan to move to the private sector in the next year.
"The private sector is also under information warfare attack," Duck says. "It's just different. Instead of actual war, they have to worry about espionage and liability."
