NETCOM US Army Fort Huachuca

FORT HUACHUCA, ARIZ.: On his way west for a major Pacific summit, Defense Secretary Ashton Carter made sure to stop here in the Arizona desert to visit a new cybersecurity center.

The nascent “fusion center,” which reached Initial Operating Capability (IOC) in the last three months, will monitor Army networks in new ways. Carter changed his schedule to come here, making clear the center’s importance. With countries like China pushing ever harder on the virtual door, improved security is a top priority.

“We’ve never had visibility before” across the network like this, Col. Mark Baxter told reporters. “We’re just scratching the surface…. We’re not even at the point now of even using that data” to its full potential.

As the Army’s fractured networks consolidate into a single Joint Information Environment (JIE), thousands of computers that didn’t previously communicate are now reporting data automatically to the new fusion center. This information simply didn’t exist in one place before. It will take big data analytics to fully exploit it, Baxter said, combing through gigabytes of information to find patterns and anomalies that might indicate enemy action.


Defense Secretary Carter being briefed on Army Tactical Ground Sensors at Fort Huachuca.

(Though Baxter didn’t mention it, Deputy Defense Secretary Bob Work and others have argued that it will ultimately take artificial intelligence — machines that think — to truly monitor such masses of cybersecurity data and respond to threats in real time.)

Baxter is chief of staff for Army Network Operations Command (NETCOM), the IT service provider for the largest military service. Historically, he explained, Army networks grew bottom-up, like Topsy, with each base and unit designing, buying, and building its own ad hoc solution to its own local problem. The result was a patchwork of inconsistent and often incompatible systems that were impossible to monitor, let alone protect.

“When you have a thousand different entities with direct connections to the Internet, you don’t have the coherent management and the training necessary to implement the blocks and the firewalls,” said Baxter. “The process today to block a bad port or a bad protocol (or) a bad actor… involves generating orders, transmitting those orders to hundreds of locations, (and each of them) implementing it through their own tactics, techniques, and procedures” — and good luck getting everyone to do it right.

When the new system is fully operational, by contrast, said Baxter, “one operator downstairs in the fusion center can do what now takes us weeks” to do less well.

The JIE initiative aims to consolidate hundreds of inconsistently protected internet access points down to 25 — five of which are already in place — each monitored by a robust Joint Regional Security Stack (JRSS). It’s a mammoth multi-service effort too big for any one program, and the stakes are high, both to improve security and to create a single seamless network linking home base HQs to frontline forces.