Imagine this. Your brigade is part of a Corps level task force preparing to move into an allied country to push out an invading Army. The unit has been on site for several weeks and is just waiting for the order to attack. One day you get a call from one of your battalions informing you that their SIPR call manager has crashed and that they will need to reimage the system. You reach into your box of CD/DVDs to find the call manager disks and discover that you don’t have it…..FML
When I first entered the Army in 1999 there was very little that was “digital” when it came to tactical communications. With the appearance of WIN-T on the battlefield though the number of types of digital systems (CPOF, DCGS-A, LAN Manager, etc.) has exploded, and with each new type of system there is one or more baseline image for that system. Within a BCT for WIN-T Inc 1 alone (management, laptops, call managers, etc.) there are currently at least nine of images required which are made up of over 21 disks. In short, that’s a huge number of disks that must not only kept on hand but maintained.
When a unit comes through NTC, my resident CECOM guy, Frank firsts asks them if they brought their collection of disks with them. The most common answer is “no” but even when they do bring them, there are almost never complete. Routinely they are missing an image or two or the images that they have are not the actual current image making them useless. On top of image disks, we also need to maintain the quarterly update disks that are used to keep the images current.
For most units at home station in the field, and even to a fair extent at NTC, the answer is simply to ask your CECOM/GD guy if you can borrow their disk but what if that isn’t an option? If/when the US enters its next battlefield there is the distinct possibility that FSR support will be limited at best while active fighting is occurring. That means that units must be self-sufficient (including being able to reimage critical systems when needed).
Maintaining Your Image Library
In my mind, for WIN-T systems, the Brigade NETOPS is the keeper of the disks. That means that your team is responsible for receiving all baseline and quarterly update disks and maintaining them. The support disk which is included in each quarterly update contains a list of all of the current baseline images. This list should be used to inventory your software collection on a regular basis (for me, I did it at least each month when we did our sensitive items inventory or before and after each time we went to the field). As part of this inventory, old disks that have been superseded should be destroyed.
I kept at an absolute minimum two copies of each disk. My “master” collection contained originals of all disks in my inventory and was kept in a secure area in my office. These disks never left my office and were always there in case in needed to duplicate a disk for some reason. My “working” collection went with NETOPS wherever it went when we would go to the field. Ideally this collection was made of original disks (you’ll often get multiple copies of each image/update disk from the PM) but if not, they contained copies of the original that I had made. These were the disks that were used to routinely images systems as needed. If a unit needed a disk, it was hand-receipted to the person while they had it. If/when something happened to these disks though, I was always able to replace it with another copy from my master collection.
In theory (although not always in reality), quarterly update disks come out about every three months. These updates have to primary purposes. To provide the current software security patches and to fix problems that have been identified in the image previously. These patches play a critical part in keeping our networks secure.
Once received, a quarterly update disk is added to the software collection just like the image disks. It is important to ensure that all systems are patched as soon as possible once you get your update disks from the PM and every time you have to reimage a system afterward. Updates can take a fair bit of time so this must be considered when running the updates but it must be done. I have seen some units come through NTC who were nearly two years behind on their updates including a complete reimage of the system. When you figure out the amount of time needed to complete all of your systems, the last place you want to be doing this is at NTC but it is a requirement before going into the box.
One last note. As many of you are aware, there is a cyber “red team” that takes part in rotations here at NTC. While I won’t go into details about them, I will tell you that unpatched systems, along with default/weak passwords are the top two ways that they are able to gain access to systems and servers. When you consider the fact that your management systems have access to every device on the network, it may not be a bad idea to ensure that it is protected.