ABERDEEN PROVING GROUND, Md. — Col. Joseph Dupont is the US Army's first cyber "trail boss" and he equates his job to "wrapping my arms around water and holding on tight."
The job leading the Army's Cyber Acquisition Task Force is "all about enabling the Army to operate in cyberspace," Dupont told Defense News. "That ends up being a very vague subject for many people."
Dupont stepped into the newly created role in August after leaving his post as the Army’s electronic warfare project manager in July when Col. Marty Hagenston took over the job.
The trail boss is tasked with wrangling three major program offices identified as key to solving the cyber materiel problem: PEO Command, Control, Communications-Tactical, PEO Intelligence Electronic Warfare and Sensors, and PEO Enterprise Information Systems. PEO C3T has the lead on the tactical internet, PEO IEW&S has the cyber offensive lead and PEO EIS is in charge of the Army's network.
By coordinating the three PEOs, Dupont said, "there was also recognition that, well, if you know if IES is building tools to define the enterprise, can those same tools be used to defend the tactical network? And if C3T is developing and buying tools to defend the tactical network, can those be used to defend the enterprise? Well, the answer is absolutely."
Additionally, the Army recognized that things it must do to develop the defensive side of cyber operations may affect things it is trying to do on the offensive side and vice versa, Dupont explained.
"The whole idea behind my role right now," which Dupont joked he could be accused of building himself into, "is to take these three PEOs and say, ‘All right Alright, we can’t do things in a vacuum because what you’re developing and/or buying may impact what your brother is doing on the other side.’ … It’s trying to bring three PEOs together and have a much better integrated and synchronized manner from which we actually provide materiel solutions."
But coordinating program offices is only the tip of the iceberg in terms of the philosophical wrangling Dupont will need to do.
At the highest level, the Army is struggling to figure out what it really needs on the materiel side in order to operate in cyberspace. Sometimes acquisition of tools are similar to normal processes, he said, and "in some cases, because it's still somewhat vague, how do we operate in cyberspace, it's very difficult right now for the Army to write up a requirements document that says: 'Here's exactly what we need, here you go [project manager], go build this.' "
Some things the Army needs for defensive cyber capabilities are obvious, like anti-virus and anti-malware capabilities, but others still need more clarity work to define such as tools needed on the defensive side like ways to be alerted to a potential cyber attackis happening, where it’s coming from and who might be doing the attacking. Tools for denying an adversary an opportunity to get into the protected network are also needed, Dupont said.
Defining what is needed on the offensive side is even more challenging because the Army must operate within national authority "because it's not like as an Army you can go out there and start messing around with someone's computer," Dupont said. So within those constraints, "what is it we really need on the offensive side?"
Specifically, the Army is focused on defensive cyber operations infrastructure and tools, Dupont said, and is working on Web vulnerability tools, which helps identify where vulnerabilities are and how to patch them.
The Army also is also working on developing cyber situational awareness, he said, which "was identified as the No. 1 number one capability gap across cyber operations — offensive, defensive and the [Defense Department Information Network] DODIN."
Col. Joseph Dupont is the US Army's first cyber "trail boss," and he equates his job to "wrapping my arms around water and holding on tight."
Photo Credit: US Army
Cyber situational awareness is another area that ends up being vague for some, Dupont said. "What does it look like? ... If I'm a commander on the ground, a brigade commander, I provide them a common operational picture. ... How do you map that out in cyberspace?"
Funding is another challenge for Dupont — not necessarily having enough — but figuring out what is already funded to accomplish some of the things the Army wants to accomplish in the cyber domain. "There are two difficult pieces," he said. "One is identifying the funding [the Army] already has, what is cyber-related and how much more do they really need. There's no easy answer to try to figure that out right now."
One of Dupont's responsibilities is to oversee the execution of funding that has been provided for cyberspace requirements, so "if X number of dollars has gone to a particular PEO and they can't execute, what do I do with that funding? I can give to one of the other PEOs."
Dupont's also tracking how the Army acquires cyber capabilities and looking for more agile ways to procure solutions. In June, the Army put out a pre-solicitation to industry for deployable defensive cyber operations infrastructure capabilities for cyber protection teams, selected four possible vendors, then down-selected to vendors who demonstrated their solutions in August at Fort Gordon, Georgia. Then the Army made a procurement decision.
"We had an industry day in May and by the end of September, we had procured a product," Dupont said. "The interesting thing is what did we do different. The only thing we did differently is we actually used a method available to us that doesn't typically get used," which is using a consortium where industry can become a member and bid on future work.
"Because it was so successful, I want to try to use that again because we have additional needs requirements that have to be filled," Dupont said. "The big question is we have this big basket of requirements; now what do we want to get after that?"
Email: jjudson@defensenews.com
Twitter: @jenjudson
Jen Judson is an award-winning journalist covering land warfare for Defense News. She has also worked for Politico and Inside Defense. She holds a Master of Science degree in journalism from Boston University and a Bachelor of Arts degree from Kenyon College.