Air Force Brig. Gen. Robert Skinner is the deputy commander of Joint Force Headquarters — Department of Defense Information Networks. He is responsible for the command and control of defensive cyberspace activities focusing on unity of command and unity of effort within the DoD. He also assists the commander with organizing, training and equipping the JFHQ-DODIN military and civilian force, which in turn is responsible for securing, operating and defending the DoD's information networks.
Following Skinner’s appearance on a panel at TechNet, C4ISRNET caught up with him to ask a few questions about JFHQ-DoDIN’s defensive cyber operations in Cyber Command’s number one task — defense of the network:
When is full operational capability?
Stood up in January of 2015, JFHQ-DoDIN’s Deputy Director of Strategy and Plans, Air Force Lt Col Patrick Daniel said in April at the AFCEA Defensive Cyber Operations Symposium that there is not an exact date for full operational capability.
“The reason we don’t have a certain date is because it’s going to be conditions-based. ... Right now at our IOC, we’re able to do a certain number of functions," he said. "As we grow, as we gain more personnel, we’ll be able to do a larger range of functions that will take us into our full mission capability."
Skinner confirmed that this is still the case. “As of right now there is not [an FOC date],” he said. “We are working with our higher headquarters to actually determine what the specific mission function and tasks that are required that will determine what that date will be.”
During the course of DoDIN defense or operations, is there any intelligence gathering, observing of adversary behavior to get tactics, techniques and procedures or is it more dealing with patching and trying to get instructors out of the network?
Skinner did not disclose too many operational details given the inherent sensitivities in this space. He did, however, offer that “we look at the whole gambit of capabilities and defense and actions to better maneuver our forces.”
The cyber forces are beginning to take an observant approach in order to gain more knowledge on the TTPs of adversaries, especially in training.
Maj. Gen. Paul Nakasone, CYBERCOM Cyber National Mission Force commander, told reporters following the annual Cyber Flag exercise that commanders steered participants toward learning tactics, techniques and procedures for common adversarial capabilities as opposed to blocking traffic as was done in the past.
“Let’s be able to cordon off an element of the network to see the malware develop. … What’s the malware actually like?” Nakasone said. “This is a maneuver force and we are a learning organization. So how do we learn? We learn based upon being able to replicate the threat and then be able to maneuver our forces to see what type of effect we can achieve.”
What is a named operation? Is a named operation merely just eliminating intrusions from the network?
JFHQ-DoDIN's commander on multiple occasions has discussed that the division has been in named operations — even going back to its first days as an operational organization — and how they have deployed forces. JFHQ-DoDIN has “actually deployed forces just like you deploy people within land, sea and air, [we] actually deploy people in cyberspace. That means actually moving them to other parts of the globe and we’ve done that already in a joint fashion,” Lt. Gen. Alan Lynn said in April, adding that at that point it had been involved in nine named operations.
Skinner, noting that JFHQ-DoDIN was involved in an operation in its second day of existence, said named operations don’t just involve eliminating network intrusions.
“You could have a named operation that you want to target against a particular system to make sure that it is persistently protected,” he said. This could be informed by an event, intelligence or information. An operation, in Skinner’s view, “is the synchronization of maneuver forces for a particular objective."