Cybersecurity Is an Important Part of the Military’s Response to COVID-19
The U.S. has shown that it can fight wars on multiple fronts: first, a global struggle against violent extremists, and now, the spread of a deadly virus in the homeland. The U.S. Armed Forces have demonstrated their remarkable capacity to meet the nation's call. In response to the COVID-19 pandemic, they have set up hospitals almost overnight, conducted medical supply flights around the world, deployed hospital ships on both the East and West Coasts and activated reserve and retired medical personnel to support hard-hit communities.
At the same time, the military has continued to conduct critical missions across the globe. One of these missions is working to ensure that military networks have sufficient cybersecurity capacities, including the ability to protect essential communications systems and data networks that support virus response efforts.
After half-a-century of the Cold War and nearly 20 years of combating violent global extremism, it is little wonder that Americans are most familiar with their military's capabilities to fight. The ability of the Armed Forces to build infrastructure, move supplies, and provide medical support was always there, but in the background.
The response to the COVID-19 pandemic has brought particular attention to the military’s capabilities to support civil agencies. The U.S. Army has deployed hundreds of troops to hard-hit areas, including the U.S.-Mexico border, and created 15 Urban Area Medical Task Forces. With 11 active duty and 16 reserve hospitals, the Army’s medical service will play a major role in any pandemic response. The Army Corps of Engineers is proving to be one of the most dependable organizations in fighting the pandemic. It has conducted around 700 site assessments and built or is currently building nearly 30 facilities in several dozen cities, including the Javits Center in New York City.
The Army National Guard has approximately 36,000 service members deployed in all 54 states, territories, and the District of Columbia. They are performing mobile stationary testing sites, mobile hospital construction, support augmentation for management and distribution of PPE, traveler screening at airports and bus stations, and national stockpile warehouse security.
The Navy deployed its two hospital ships, USNS Mercy and Comfort, respectively to Los Angeles and New York, within a few weeks of the order to provide support for overwhelmed medical facilities no longer able to treat patients not infected with the virus. In addition to deploying active duty and Air Guard personnel to support the fight against the virus and replace ill service personnel, the Air Force has conducted logistics flights to bring critical supplies to hard-hit areas.
At the same time, the military has continued to conduct critical global national security missions. Our strategic nuclear forces are maintaining their high readiness. Forces in Iraq and Afghanistan are conducting intelligence, surveillance and reconnaissance missions and providing support to local units conducting operations against remnants of ISIS and the Taliban. The Navy continues to maintain maritime patrols even as it struggles to contain the effects of the virus on ship crews.
Earlier this year, the United States came perilously close to fighting its first two-front war in more than 75 years. At the same time as COVID-19 was gaining a foothold in this country, the U.S. and Iran were engaged in a game of brinksmanship that could have led to another conflict in the Persian Gulf. If Iran had responded differently to the Solemani strike, we could have been at war in the Middle East. Would the U.S. military be able to fight an overseas conflict while the home front was paralyzed due to the presence of what President Trump has called an “invisible enemy?” Secretary of Defense Esper’s decision to temporarily halt changes of station and suspend recruiting would be inconceivable if the nation was at war.
Given the spread of COVID-19 on the nuclear-powered aircraft carrier USS Theodore Roosevelt, the military needs to start thinking seriously about the potential impact of this virus and future viruses on its power projection capabilities. Could the U.S. military fight a foreign war while in a lockdown environment? What if the virus had infected critical personnel and facilities? Even as it addresses current operations at home and abroad, it is important that the Department of Defense develop the plans and capabilities to fight a two-front war of a new kind.
As the military increases its participation in efforts to combat the virus, it must ensure that its networks, smart devices and facilities are secure against cyber threats. Deployed military units such as field hospitals and hospital ships must stay connected to higher headquarters, as well as establish communications with federal, state and local government agencies and private institutions. When dealing with critical health care issues, it is essential that nothing interferes with the timely and secure flow of accurate information. As more and more devices are added to a network, there will be a growing danger of unauthorized connections that compromise data integrity and privacy.
The military has long worked on ways of ensuring the integrity of its networks and improving its ability to detect and isolate unauthorized devices that may be hooked into their communications systems. The Navy has been at the forefront of the effort to implement Comply to Connect (C2C), a framework of tools and techniques designed to ensure that only approved devices are allowed on a network. C2C creates a highly automated platform that ensures compliance of the devices that are entering the network with security standards and access protocols. It does this through continuous monitoring, rapid interrogation, and the isolation of non-compliant devices.
When the decision was made to send the Navy’s two hospital ships to Los Angeles and New York, planned repairs and upgrades had to be completed in a matter of days. Naval engineers scrambled to upgrade the ships' communications systems and networks to both improve performance and ensure their ability to interface with pier-side systems. As part of this rapid upgrade program, the ships were provided with a cybersecurity system based on C2C standards. As a result, both sensitive military information and patients' medical data can be protected.
Cybersecurity must be part of the military response to COVID-19. C2C is applicable to both military medical networks and those operated by civil authorities and the private sector. In the future, as we move to a world built around the Internet of Things, it will be increasingly important to ensure that only authorized devices are allowed on our networks. Fortunately, the technology to do this exists and is being deployed, albeit not as rapidly as it should.
Dan Gouré, Ph.D., is a vice president at the public-policy research think tank Lexington Institute. Goure has a background in the public sector and U.S. federal government, most recently serving as a member of the 2001 Department of Defense Transition Team. You can follow him on Twitter at @dgoure and the Lexington Institute @LexNextDC. Read his full bio here.