The Army’s new software repository is giving cyber leaders insight into which units are downloading patches, the lead software official at the Army’s Communications-Electronics Command (CECOM) said.
The capability is a major step forward from CECOM’s previous method of sending patches and software updates: mailing CDs. The repository was first launched with pilot users a year ago. Now, the repository sees about 3500 downloads a month for 76 software systems, Jennifer Swanson, who leads CECOM’s Software Engineering Center, said.
“We were distributing software by mailing it … units were getting inundated with a bunch of CDs that they didn’t know what to do with,” Swanson said of the old system during AFCEA International’s TechNet Augusta conference. “So you are always behind.”
CECOM oversees the management of the Army’s command, control, computers, communications, cyber, intelligence, surveillance, and reconnaissance (C5ISR) systems. The repository hosts patches for software that runs the weapons and business systems under CECOM’s command, but CECOM is working with other offices to expand it.
One example of the new software repository at work is the patch CECOM issued following the SolarWinds breach. Once the Army got the patch for SolarWinds’ Orion network monitoring tool, which was compromised by Russian hackers, it posted the new code, and most units had downloaded it within a day, Swanson said.
“We were able to turn the patch around very quickly … we were able to put it right up on the repo and we were watching units downloading it,” she said.
Having that information gives cyber defenders a clearer picture of where the Army has known vulnerabilities, according to Swanson. The goal is to continue expanding the repository and improving the user interface.