DISA Global Field Command provides united boundary defense
By Amy Probst, DISA J-3,5,7 Operations, Plans and Exercises
The Defense Information Systems Agency's Cybersecurity Service Provider team provides strategic partners, such as U.S. military services, combatant commands and other defense agencies, with 24/7, 365 days a year network protection through a united network of analysts in field commands, field offices and monitoring centers across the globe.
The team defends the cyber terrain by alerting strategic partners to possible vulnerabilities and cyber threat indicators that reach from the internet access point to the endpoint.
Monitoring analysts at DISA Global Field Command collaborate across three physical locations to detect malicious cyber activity:
Combing through “mountains of traffic” for strategic partners
“DISA Global Scott, Hill and Columbus analysts comb through mountains of traffic across strategic partner networks to identify and isolate potential bad actors,” says Zam Urquhart, DISA Global Hill contractor site lead.
The analysts collaboratively review data for suspicious activity and send any noteworthy findings as a Tipper to the responsible monitoring team.
“Think of our mission space as a district, neighborhood or community that a police department would patrol,” explains Urquhart. “While on duty, if an officer sees something outside his or her district, they’ll react to the threat and notify the officers responsible for patrolling that area.”
A key advantage: Boundary visibility
Coupled with monitoring and alerting support, DISA Global analysts at all three locations monitor ingress and egress traffic through the Defense Information Systems Network internet access points.
The DISN is the backbone of the Department of Defense Information Network, the third-largest computer network in the world. It has approximately three million users and more than 15,000 classified and unclassified networks.
“DISA Global’s boundary analysis adds invaluable contextual information to guide incident investigations and is an essential advantage for aligned strategic partners,” says Corey Toennies, DISA Cybersecurity Boundary branch chief.
No single cybersecurity tool can paint a complete picture of the cyber landscape or the threats lurking within it, notes Toennies. Boundary and CSSP analysts at DISA Global work collaboratively on incident analysis and synthesize their data to produce the most comprehensive cyber situational awareness possible.
“By correlating datasets from a strategic partner’s network with enterprise boundary data from [internet access points], email and [Domain Name System], analysts can achieve higher confidence in their investigations to effectively scope and eradicate any discovered threats,” says Toennies.
Working hand in hand for the big picture
DISA Global at Scott, Hill and Columbus all play a critical role in ensuring that other monitoring teams have up-to-date information on the boundary. Analysts provide situational awareness on traffic and threat monitoring for DISA’s DODIN areas of operation across the globe.
When looking for or through compromised data, DISA Global analysts at all three sites work together closely to determine whether a threat is real – and if so, the next steps to mitigate it.
“We operate jointly across our different areas of responsibility to discover and defeat threats,” says Toennies. The result is optimal cyber defense of strategic partners from the boundary to the endpoint.
Subject Matter Expert, Team Member, Leader
5 days ago
Is there a POC for DISA’s CSSP Team?
CEO, NandoGroup, LLC
6 days ago
??
Mr. at kangombelindaguylain
1 week ago
Congrats!
Expert on Cybersecurity Forensic! Procurement Manager @ Teachers College, Columbia University | MBA, Strategic Sourcing, Negotiation President CIPS Mid-Atlantic Chapter
1 week ago
Thank you for keeping our country safe!!!