STOP NOW. You are an
intruder on an Army computer system patrolled by the Army
Computer Emergency Response Team. Leave this site NOW.
By Master Sgt. Joan
dominance took a giant leap into the future March 17,
when the United States Army Intelligence and Security
Command ceremoniously opened the Army Computer Emergency
Response Team Coordination Center at Fort Belvoir, Va.
Its mission is to re-write
the books on how the Army handles the newest threat in
the field manuals computer hackers.
The team, also known as
ACERT/CC, is the newest division to be formed under the
two-year old Land Information Warfare Activity led by
Col. Halbert F. Stevens. Its chartered with the
responsibility of detecting, tracking and reporting
computer attacks against Army computer networks.
LIWA received the mission
in February 1996 to form the response team. A year later,
under the guidance of INSCOM Commander Brig. Gen. John.
D. Thomas Jr., the ribbon-cutting ceremony signaled the
commands readiness to take on the challenging goals
of command and control protect (C2 protect) operations in
support of the Army.
"Its an element
whose time has come," said Lt. Gen. (Ret.) Paul E.
Menoher Jr., former deputy chief of staff for
intelligence. "C2 protection of information
assurance is absolutely critical."
Future plans include
regional computer emergency response teams, called
RCERTs, which will be located around the world. One
regional team is already operational in Europe. ACERT/CC
is currently operational Monday through Friday, 12-hours
a day. Eventually, it will be operational 24-hours a day.
ACERT/CC is a joint venture
among the information operations triad of the Department
of the Armys Deputy Chief of Staff for Operations,
Deputy Chief of Staff for Intelligence, and the Joint
Chief of Staffs Director for Command, Control,
Communications and Computers (DISC4). The ACERT/CC role
is two-fold: help the Army identify computer systems
vulnerabilities and prevent hackers from accessing those
same systems by exploiting those vulnerabilities.
Set-up to operate under the
INSCOM umbrella, ACERT/CC receives missions from the
Department of Army, Deputy Chief of Staff for Operations
and assistance requests from any Army command. According
to Lt. Col. Bob Vrtis, the Land Information Warfare
Activitys chief of information assurance, ACERT/CC
prioritizes the incoming requests for assistance, however
the Department of the Armys deputy chief of staff
for operations can direct their priorities.
A hacker demonstration was
conducted as part of the ribbon-cutting ceremony. An
ACERT/CC computer security expert conducted the
demonstration, saying that you have to "think like a
hacker and try to break into a system." For example,
if an Army organization requests the teams
assistance in checking out its vulnerabilities, a team
member can sit at a computer terminal and attempt to
break in from the remote site much like a
The goal is to access the
"target" and gain system administrators
privileges, then erase all electronic record of the
contact. In the case of a malicious hacker, the goal
might be to alter files, delete information, or replace
an Internet web site.
While the team can diagnose
such vulnerabilities long-range, Vrtis said you lose a
lot by this process. "What you miss is the hands-on
approach of providing personal attention and training to
the systems administrator," he said. ACERT/CC sends
out forward support teams to various sites on request.
ACERT/CC is also the
first-line of defense in tracking down computer hackers
whether it is a teenage hacker trying out his or her
skills on a military target, or a person attempting
espionage. ACERT/CCs main thrust is to deter
outside intrusion into the Armys systems.
"Deter is the key
piece and focus of what ACERT/CC is all about," said
"Whatever else it is,
ACERT/CC is not a police activity." Stevens said
ACERT/CCs role is to determine if there is a
hacker, and then use the established notification process
to report and coordinate responses, such as in the case
of any other potential crime.
ACERT/CC chief, said that depending upon the incident, it
could be reported to USA Criminal Investigation Command
or another appropriate Army activity. She has been
involved in writing those reporting procedures while
forming ACERT/CCs nucleus.
Schalestock visited other
agencies, including the Navy and Air Force, both of which
had previously formed emergency response teams to address
computer security issues. She was able to draw from the
other services experiences, along with Defense
Information Systems Agency, to focus the ACERT/CC
She said the ground work is
established for getting operational procedures in place
and formalized. The ACERT/ CC staffing is another
on-going challenge. ACERT/CC is currently staffed with a
mix of contractors, Department of the Army civilians and
military. Stevens said that resources are being
reallocated from existing entities within the Department
of Defense, which will enable the ACERT/CC to grow to its
target strength of about 20 people.
Educating the rest of the
Army about a new system or organization is part of the
evolution process. Plans call for a web site on the Army
homepage featuring information about ACERT/CC services.
Vrtis said they intend to
be proactive on notifying their "customers"
about vulnerabilities by forming a service database and
"Email" notices to consumers. The team will
also provide LAN managers with the software tools they
need to combat attacks.
capabilities further blur areas of responsibility among
the various agencies in a joint environment. ACERT/CC
provides valuable support to the operational side of the
operations is a combat multiplier..." said Maj. Gen.
David L. Grange, director of operations, readiness and
mobilization, deputy chief of staff for operations, at
the ribbon-cutting ceremony. "It is critical for the
survival of the Army. Information dominance is the
Achilles heel." Grange added that he is
convinced the Land Information Warfare Activitys
forward support teams have prevented further conflict in
recent areas of operations.
Stevens said that the
ACERT/CCs primary focus is to support the land
component commander. In these days of joint missions, he
added that it is difficult to draw the line for areas of
"It depends on who
gets tasked with the mission," said Stevens.
"If the Army gets the lead, then (they will)
coordinate with the other players."
Many decisions are yet to
be made. Meanwhile, Vrtis and Schalestock are charged
with forging ahead drawing a road map to the
"We play it by
ear," Schalestock said. "Theres no
(predetermined) path to take."
ACERT HOT LINE
Army Computer Emergency
Response Team Coordination Center, call 1-888-203-6332
from the United States or DSN
from overseas military phones.
Sgt. Joan Fischer is the NCOIC, Public Affairs Office,
U.S. Army Intelligence and Security Command at Fort