Mission Area
July 1, 2019
Detecting a cyber attack can be difficult with today’s advanced and highly evasive threats increasing in complexity and becoming commonplace. Globally, the scope and pace of malicious cyber activity continue to rise. The U.S. Army Cyber Command (ARCYBER) was organized in part to operate and aggressively defend the Army segment of the Department of Defense Information Network (DoDIN-A). The Army Enterprise Service Desk (AESD) acts as a ‘cyber sensor,’ strengthening the first line of cyber defense against potential threats to the DoDIN-A. Systems and tools are not enough in today’s cybersecurity arena. Last year, the AESD received a particularly high volume of calls in a short period of time from an Army installation regarding inability to access e-mail through Microsoft Outlook. Chuck Brainard, former requirements manager at ARCYBER recalls the incident. “The tools suggested it was an isolated outage to a few people, but the humans that were working at the service desk said it’s a general outage on the east coast affecting hundreds of thousands of people in the United States Army. To understand the actions needed to be taken to restore, we need all of that information.”
There are all kinds of tools out there trying to do the sensor mission but as this instance proves, information can slip by systems. What makes the AESD stand out is its cyber threat sensor function - specifically its human sensor function, which puts it on the front line in the cyber fight. The AESD produces incident, timing, quantity and impact of events information which supplies trend analysis data for use by ARCYBER’s Army Cyberspace Operations and Integration Center (ACOIC). Cyber threats increase, evolve daily. Never has the defensive cyber mission been more important. A Computing Technology Industry Association (CompTIA) study showed that integrating service desk functions with cyber security capabilities can help mitigate cyber threats. Enter the AESD, known throughout the Army for providing support for enterprise services such as e-mail, mobile devices, assured identity functions, Army Knowledge Online and handling end-user issues for the Army community.
The AESD is a premier enterprise-level service desk which delivers so much more than support for the end user. It is organized as ‘one desk’ with various geographical locations worldwide, supporting all Army theaters of operation. The AESD has a location in Europe, which supports U.S. Army forces in Europe and Africa; in Hawaii, supporting Army forces in the Pacific; in Korea supporting 8th Army forces; and CONUS (continental United States). Each supports the respective theaters and each other. From an information technology (IT) perspective, the AESD’s mission is to provide a strategic single point of contact between the Army IT users and the Army IT services provided with one universal phone number.
The AESD ‘one desk’ concept provides a unified approach which adds security and simplicity to servicing more than one million Army users worldwide. Think about it: all day, every day, 24 hours a day, 7 days a week and 365 days a year, the AESD is in constant communication with its customers. This one desk, one number system covers every Army user. Incidents and potentially dangerous outages can compromise the Army’s mission. When a number of similar problems are reported or a specific location is spiking in call volume, the AESD provides the data to ARCYBER to defend the network.
The AESD gets a great deal of input quickly. Each call delivers incident-related information while supplying the metadata needed to track suspicious activity, making it easier for agents to identify patterns and trends to quickly pinpoint the necessary steps toward mitigation. Add in the abilities to assess, decide and act, and you now have a custom security framework that helps outline how to find, respond to, and contain IT security threats.
A powerful change is coming with the transition of the AESD from the command and control of the Program Executive Office for Enterprise Information Systems (PEO EIS) to ARCYBER, expected to occur in the summer of 2019. ARCYBER will converge all existing decentralized help desks into the AESD, leading to greater operational and fiscal efficiencies, enhancing defensive cyber operations (DCO) and providing ARCYBER with a more robust common operating picture of the DODIN-A.
At the 2018 Armed Forces Communications & Electronics Association (AFCEA) TechNet Augusta conference, John Price, AESD project officer and Chuck Brainard, former Requirements Manager at ARCYBER, presented how the human sensor function trumps simply using tools when it comes to understanding incidents.
“One of the things we realized really early was that one of the most important sources of information that we may actually get about what is going on in the state we call the DoDIN-Army, are these agents that work on the service desk in our defense - they are actually talking to users and getting first-hand, what is happening,” said Brainard.
Most organizations don’t do data analysis on their tickets for patterns which could indicate a problem and systems rely on tools, but in the cyber defense system, it’s the human sensor analysis that helps map cyber ‘kill chain’ steps toward mitigation. Brainard pointed to the call between an end user and an agent as “the key to going from sense to understanding quickly.” It’s that understanding that leads to critical, informed, timely decisions and action toward mitigating potential threats. The human sensor function of the AESD is the first responder for establishing an accurate DCO common operating picture, providing continuous operational analysis and information when speed and time are of the essence.
As today’s cyber threats increase and diversify, the AESD is on the front line, protecting, watching, waiting and ready to respond by providing accurate and cogent information to Army leaders so they can make informed, decisive actions to counter cyber threats. The AESD is helping shape cyber defense operations for the Army, while keeping its service to customers its top priority. The AESD can be reached at 1-866-335-ARMY.