Mark Sachs, a U.S. Army major with battlefield network engineering experience, explains his newest mission this way: "We understand that one of the commodities we have to move is information -- not just fuel, equipment and soldiers. That information movement requires an infrastructure. And security of the information inside that infrastructure is a big concern."
At the end of 1999, Sachs became an operations analyst at the newly organized Joint Task Force for Computer Network Defense in Arlington, Va., an assignment given to him just after he finished government-sponsored graduate school at the University of Texas at Austin.
Washington is the nerve center for those U.S. military networks put into the task force's care: the Army, Navy, Marine Corps, Air Force and a dozen other agencies, such as the National Security Agency, Defense Finance and Accounting Service, Defense Logistics Agency and Defense Information Systems Agency (the Department of Defense's backbone support network). In essence, the Computer Network Defense task force has been charged with protecting more than 3.5 million DOD computers.
Sachs works the analytical side of the task force. The other side is the watch team. The watch team monitors DOD computers for problems, abnormalities and intrusions both within and outside DOD networks -- such as the distributed denial-of-service (DDOS) attacks that took down the Web sites of Yahoo Inc., Amazon.com Inc. and eBay Inc. early last year. "We observed the DDOS activity hour by hour, because if a problem arises somewhere else on the Internet, it may eventually affect us," Sachs says.
While the watch group gathers data from its network traffic, outside commercial emergency advisories and news reports, the analysis team to which Sachs belongs is tasked with figuring out what to do with that information.
"If the watch reports something wrong -- an intrusion or whatever -- we then make an assessment of whether there is or isn't an operational impact on the Department of Defense," Sachs explains.
The Info Warrior's Job
The U.S. military first experimented with information warfare in Operation Desert Shield, when it disrupted Iraqi military communications. But the job of an information warrior didn't become official until October 1999, when, at the behest of a presidential directive, the Computer Network Defense and Computer Network Attack missions were formed under the U.S. Space Command at Peterson Air Force Base, Colo.
With titles like operations analyst, electronic engineer and chief of communications and computer systems, information warriors develop and operate computer-based offenses and defenses.
Sachs hasn't been on the job long enough to chase down any serious attack on DOD systems yet. But Mark Duck has. As an early information warrior in 1994, Duck took a job as network manager at Air Force Research Laboratory, known then as Rome Labs, in Rome, N.Y. In so doing, he stepped right into an attack on the Air Force Research Lab network.
Duck noticed that several of the lab's servers had been compromised at root level, and he made a phone call that helped launch the biggest computer crime investigation in military history. It spread to more than 100 downstream computers, including Air Force contracting agencies, NASA's Jet Propulsion Laboratory and even the South Korean Atomic Research Institute.
The exciting work and the ability to learn new skills have kept Duck in military civil service for almost seven years and have kept Sachs enlisted for almost 20 years. But both plan to move to the private sector in the next year.
"The private sector is also under information warfare attack," Duck says. "It's just different. Instead of actual war, they have to worry about espionage and liability."
This story, "The Info Warrior," was originally published by Computerworld.