Military information technology: Computer network defense in Iraq

Learn how US military networks maintain their IT security and computer network defense in the midst of a war.

Arabian sands had no safe haven for U.S. troops during Operation Iraqi Freedom. Dotting the barren Kuwaiti and Iraqi frontier, soldiers and airmen routinely found themselves targets of enemy rocket attacks and frontline probing actions.

Seasoned combat troops might expect such dangers, but not reservists in the 335th Theater Signal Command, who built, secured and maintained the American and coalition forces' IT networks. Firewalls and IDSes kept enemy hackers off their systems, but they relied on nearby Patriot batteries to keep Saddam Hussein's Ababil-100 missiles at bay.

It has been a year since U.S. troops pushed across the Kuwaiti border in their drive toward Baghdad. In the weeks leading up to the war and those tumultuous two months of heavy fighting, the network and security specialists supporting the combat divisions found that there are worse things than a bad day at the office.

"Everything is relative," says Tom Lantzy, a major in the U.S. Army Reserve who recently returned to his job as an infrastructure project manager for CocaCola. "If you've never been in a situation where someone is shooting at you, it may be that the server crash is the biggest problem you've ever dealt with."

Modern armed forces depend on high technology. Military intelligence, battle plans, troop movements and the availability of supplies are just some of the information that's converted into digital form and transmitted over cables, radio and satellites. Leave even a single crack and an enemy with access to computers and trained experts (hardly in short supply these days) could tap your entire command and control infrastructure. In other words, a breach could cost lives.

"Computer network defense issues and challenges in the commercial world and the military world are similar," says Lt. Col. Thomas Michelli, a Virginia National Guardsman deployed in Kuwait, where he oversees the Southwestern Asia CERT. "Except that the risks -- mission-critical systems equal human lives -- are much higher in the military world."

Marching Orders
The hurdles faced by the 335th dwarfed those of the civilian world, where mortar fire and missiles don't rain down. Creating and managing network systems -- which link all U.S. units with those of 30 nations contributing troops or logistical support -- was equivalent to integrating the complete IT systems for eight to 10 medium-sized corporations. The 335th rolled out the systems in just two months, an operation Lantzy estimates would have taken a full year in the corporate world.

"We moved more than 250,000 soldiers, Marines and coalition forces into a very small country about the size of Massachusetts," says Maj. Gen. Rip Dettamore, commander of the 335th and head of communications for all land forces in the Middle East.

Military units had to be plugged into the infrastructure that would connect them to their lifeblood -- supplies, intelligence and instructions. Although there was a secure backbone for units already stationed in Kuwait, the 335th had to scale the infrastructure from 10 routers to approximately 600. Network bandwidth had to jump from 16 Mbps to nearly 200. Every unit needed a satellite link, IDS, router and other hardware and software.

The mission was immeasurably difficult because different services used different systems and standards. Even the various parts of the U.S. Armed Forces using the same equipment would configure them differently. Then, there was the need to integrate different databases and OSes to provide unified views of theater operations.

Another aggravating factor was that responsibility for critical IT jobs was split among different organizations because the total task was larger than the Army, the Air Force or the Marines could handle individually. For instance, the Army would install IDSes, but the Air Force would run them.

"I'm going to send this airman out, who is going to put in this new intrusion detection sensor, and you're going to have to reengineer the data package, maybe change the IP subnetting, which influences the way the routers work," Lantzy says.

While much of the equipment is off the shelf, important elements of the infrastructure are specific to the military and make securing the network easier. The Army uses one unsecured network that's connected to the Internet, and two closed satellite- and microwave-based networks for all critical information, as well as voice communications and video teleconferencing. Frequency-hopping and NSA Type-1 encryption are standard issue. All traffic and networks are protected with layers of firewalls, IDSes, proxy servers and tightly configured routers.

Hostile Environment
The climate was as hazardous and unwelcoming to the equipment as it was to the IT soldiers. In the first days of the war, the worst sandstorms in decades kicked up, leaving foot-deep drifts overnight and driving sand everywhere. Soldiers venturing into the open had to completely cover themselves to avoid getting burned by the blasting particles. The weather became a concern for the 335th, which had to keep shifting and blowing sand from tearing apart the infrastructure.

"Opening up a server over there at a garrison base where it had been running a couple of months, the dust was an eighth of an inch thick, at least," says Lantzy. "It looked like somebody took the cover off and just poured it in there."

Soldiers had to constantly clear out equipment with brushes and fans. In some cases, they improvised makeshift telecom facilities and data centers to protect equipment from the elements.

At first, in mid-March and early April 2003, the heat wasn't too bad in Kuwait, hovering in the 70s. Later, temperatures crept up to summer highs of 130 degrees. "You could be standing outside, and you felt that you had 2,000-watt hair dryers blowing in your face," says Dettamore. The 335th deployed air conditioning units to keep buildings, tents and shelters cool.

"You'd much rather be in the air conditioning taking care of the equipment than trying to sleep in a tent when it's 130 degrees," he laughs. "Given the two choices, it's no wonder that the equipment was clean."

Combat Conditions
Even with the occasional relief of cool air, the 335th had to keep systems up and secure under difficult conditions. Under the threat of chemical attack, Lantzy and his unit lived in their heavy protective suits for nearly two weeks. A rising and falling wail announced incoming missiles, and everyone at the base had to don a gas mask, boots and gloves. The sirens would give way to the whoosh of intercepting Patriots.

The threat of chemical-tipped missiles didn't stop the mission. IT specialists often had to work through the air raids, which presented their own challenges.

"It's hard to type," Lantzy says. "Most people use a pencil to type one letter at a time, because the gloves are so [thick] that you mash several keys at the same time. It's a very frustrating exercise."

No matter the threat, the basic tasks facing corporate information security personnel were the same. IDSes and firewalls needed configuring, servers needed patching and AV needed updating. Soldiers of the 335th had to monitor attempts to breach the network. Their mission was complicated by the massive scale of their operation and the possibility that the next moment might be their last.

In one case, a server in one of the forward units hadn't installed a critical patch. When the command center called, the unit said it would take a while to install the fix -- its sysadmin had been wounded in a mortar attack.

All the work paid off, with uptimes on all equipment and systems exceeding 99 percent. Dettamore reports that not a single critical video teleconference or data link was lost during the war.

Coming Home
Things are quieter on the home front, and many of the veterans have a greater clarity of mind knowing that safety will always be more important than the latest Internet worm.

But their minds wander back to the desert. Some miss the adrenaline boost of near death and total commitment to a job. Newscasts also bring reality to their doorsteps.

"One of the guys we did some planning with was killed in November," says a subdued Lantzy. "They're your friends, your coworkers, and they're still over there, and there's still a threat."

About the author:
Erik Sherman is a Massachusetts-based freelance writer and photographer.

Dig Deeper on Network intrusion detection and prevention (IDS-IPS)