You're listening to the Cyberwire Network, powered by N2K. Defense contractors face immense pressure to comply with CMMC 2.0 security standards, needing a secure, user-friendly file-sharing solution. KiteWorks, a FedRAP moderate authorized solution, supports nearly 90% of CMMC 2.0 level 3 requirements, reducing compliance effort and cost. KiteWorks leverages a zero-trust framework for swift compliance and offers a secure platform for defense data protection needs with advanced security features and ease of use. It's intuitive UI, mobile apps, and centralized policy management simplify administration. Accelerate your CMMC 2.0 compliance and address federal zero-trust requirements with KiteWorks universal secure file-sharing platform made for defense contractors. Visit kiteworks.com to get started. This episode is brought to you by Microsoft Azure. Turn your ideas into reality with an Azure-free account. Get everything you need to develop apps across cloud and hybrid environments, scale workloads, create cloud-connected mobile experiences, and so much more. Discover what you can create with popular services free for 12 months. Learn more at azure.com. That's azure.com and sign up for a free account to start building in the cloud today. Hey everybody, Rick here. Back in 2021, on the 20th anniversary of the 9/11 attacks on the United States, Elliot Peltzman, the N2K Cyberwire Sound Guru, and I did a special episode to commemorate my experience at the Pentagon on that fateful day. So here we are in 2024, three years later, and we thought it would be appropriate to re-broadcast that episode to refresh the memory as the significance of that day starts to fade away in the American mind. So here's the episode one more time called a CSO's 9/11 story. I was stationed at the Pentagon on 9/11, and you might say I had a bird's eye view of when the entire war on terror began. As I record this, President Biden has just finished bringing home all the remaining American soldiers from Afghanistan. He wanted America to be out of there before the 20th anniversary of 9/11, the event that precipitated going there in the first place. It brings to an end Operation Enduring Freedom, the Afghanistan War, Operation Freedom Sentinel, the Afghanistan Support Mission, Operation Iraqi Freedom, the Iraq War, and Operation New Dawn, the Iraq War Transition. There is still one operation ongoing in the Middle East. Operation Inherent Resolved, the military intervention against the Islamic State of Iraq and the Levant. We refer to all those operations combined as the War on Terrorism. After 20 years, here's the bottom line, the longest war in American history by 10 years, Vietnam, just over 7,000 U.S. soldiers and DOD civilians killed, approximately 53,000 U.S. soldiers and DOD civilians wounded in action, about 30,000 active duty personnel and war veterans death by suicide, the death of 325,000 local citizens of Iraq, Afghanistan, Yemen, Syria, and Pakistan, and the American financial cost in dollars is north of 5.4 trillion. Out of the 13 wars the U.S. has fought in its history, it ranks seventh in total number of soldiers killed right between the original Revolutionary War with over 4,000 dead, and the Mexican War with over 13,000 dead. And after all of that, I'm not quite sure what we got for all of that blood and money spent, but I will leave the question of whether or not that was a wise investment of our national treasure to another time. On 9/11 though, that actual horrible day, I began taking notes about what was happening because I knew it was historical and that I would want to remember the details down the road. I finished tweaking my notes on 12 November and shared them with some close personal friends and some family members who were interested, and then I completely forgot about them. As this is the 20th anniversary of 9/11 though, I thought it was time to revisit them to see if my memory of that day and subsequent days had fogged over or if I could pull some insight from that experience. If you're so inclined, I've included the text of the original thoughts in the show notes for this podcast just to keep myself honest. After rereading it though, I realized I didn't capture half the stories that I have been telling friends and colleagues ever since. This show is an exercise in capturing those stories. Be warned though, 20 years is a long time and memory is a funny thing. All I can say is this is how I remembered it. I'm not going to try to revouch for every detail. My name is Rick Howard. You're listening to a special bonus episode of CSO Perspectives about what happened to me while stationed at the Pentagon on 9/11. When I got promoted to Lieutenant Colonel, the Army assigned me to the Pentagon to be what was essentially the network manager for the Army Operations Center or AOC for short. I worked there from July 1998 to December 2001. Back then, the AOC coordinated global operations for the United States Army, and my job was to make sure that all of its communication systems worked 24 by 7. At the time, the AOC was located in a basement skiff or sensitive compartmented information facility. Two floors below ground level inside a bunker of reinforced steel and concrete, 60 feet below a parking lot on the north side of the five-sided building. The Pentagon itself covers some 29 acres, including a five-acre courtyard in its center, and it houses some 17 miles of hallways. It has five floors above ground and two below. On each floor, there are five concentric hallways or rings A through E, with air gaps between each ring. At one point in its history, it was the largest office building in the world, and approximately 23,000 employees worked there every day, and this is before the pandemic. Amazingly, Flight 77 hit the Pentagon side that was in the middle of an anti-terrorism uplift and modernization project. Just prior to the crash, it had been reinforced and renovated, was way stronger than it had been, and on that morning, also relatively unoccupied. Normally, some 5,000 people would have been working in those offices. Instead, only 125 people were killed, not counting Flight 77's passengers, that numbered 64. When I first arrived in the AOC in 1998, the communications systems that I was responsible for was a range of commercial off-the-shelf servers and workstations, you know, Microsoft Windows, some security tools like firewalls and antivirus, and networking equipment on both the unclassified Nipernet and secret Sipernet networks. We ran email servers, database servers, web servers, and other applications on both networks. We also ran proprietary communications systems on Unix servers on the secret side, but there was little redundancy. If one server failed, several key and essential applications would go offline. So, we spent the next two years making everything redundant in terms of separate servers for each essential application and redundant internet links to ensure that if there were any catastrophic failures, the AOC would continue to function. We even had an alternate location, CIDAR, that was originally designed back in the 1960s as an alternate location for the government, you know, for the president and his staff. You know, just in case the Russians launched nuclear missiles at DC, thank Cheyenne Mountain from the movie war games. In 2001, though, nuclear missiles had improved so much that CIDAR offered no protection from them, but the AOC and other Pentagon organizations kept using it as an alternate command post for other potential and more mundane catastrophes. It did have one of the best mess halls that I have ever been in in my long army career. We even practiced switching over to CIDAR from the Pentagon AOC a couple of times just as an exercise. The plan was that if ever we needed to leave the Pentagon, essential personnel would form outside in the parking lot and pre-arrained school buses would drive everybody to CIDAR. On that morning, I left the house around 0600 and caught the Springfield Metro Yellow Line train to the Pentagon. I remember the weather was beautiful, crisp blue skies and wispy white clouds, wonderful fall temperatures. I arrived at my AOC office around 0700, dropped my stuff off and quickly checked email. I let the AOC almost immediately to attend a mandatory 0800 retirement briefing. The briefing was for all military close to their retirement date and the auditorium was on the fifth floor above the Metro Concourse. That's the subway station that services the blue and yellow line underneath the building. The Metro Concourse side of the Pentagon was two sides away from where Flight 77 crashed into the Pentagon. Flight 11 hit the world trade center at 0846 and Flight 175 did the same at 0903. But since we were in a briefing, nobody in the auditorium knew what was going on. When Flight 77 hit the Pentagon around 0937, we heard the fire alarms go off, but everybody in the auditorium treated it like another fire drill. Ho hum, yawn, here we go again. You know, the Pentagon's really old. You know, we have false alarms all the time. I did hear a loud noise prior to the alarms, but it sounded to me like somebody had dropped a big stack of dishes off a table on the ceiling above us. I didn't hear a plane crash, though. The retirement briefing typically was still going through with slides, but we were hearing a lot of commotion in the hallway. Finally, the briefing said something like, "Hey, somebody take a look in the hallway to see if there's actually a fire somewhere." That's when we saw the large crowd of panicked people running in the hallways and the enormous cloud of smoke billowing in the air through the inside windows that overlooked the courtyard in the middle of the Pentagon. We knew something was wrong, but we didn't know what yet. We still didn't know about the World Trade Center, and we definitely didn't know yet that a plane had hit the Pentagon. The security guards moved up towards the exits at the South entrance, and for the most part, it was orderly until the lines started to bunch up at the doors. And then, the worst behaving people at the moment were not the civilians nor the lower ranks. The ones that were vocal, angry, visibly scared, and acting out were the kernels. I remember thinking to myself how poor of an example they were setting for the rest of us. When I made it out of the building and into the parking lot near the South entrance, I saw huge fireballs leaping high above the Pentagon's roof. People were lined up on the outside of the parking lots, just watching. I ran into several friends and acquaintances. That's when I found out about the World Trade Center and that we were under attack. I even ran into my next-door neighbor. His uniform was in tatters, and it had blood stains and burn marks all over it. He was okay, but he was definitely close to the impact area when it happened. The Air Force immediately started doing flying patrol missions around the DC area to protect against any other hijacked plane attacks. But none of us on the ground knew that. When they first showed up, there was a moment of panic in the parking lot as security guards ran at us, hands waving in the air and yelling to get away from the building and the potential for another crash. I gravitated to the crash site side. My concern was that from where I was, I couldn't tell if the fire had reached the AOC part of the building. I didn't know if any of my people had been hurt either. And there was the entire plan of getting to the alternate site, side R. I had to get my people up there. So I started walking around the Pentagon to get to my side of the building. The security guards kept pushing the crowd back further and further away from the crash. I had to hop the fence at Arlington Cemetery and cut a cross because the guards wouldn't let us get any closer. By the time I made it to the Pentagon's river entrance side, I could tell that the AOC side of the building was unaffected by the crash, at least on the surface. The fire was not close, but I didn't see any of my folks on the outside. I hadn't run into a single person from the AOC. There were hundreds of people milling about, and I didn't recognize any of them. About that time, buses from Walter Reed Hospital, filled with doctors and nurses, were just pulling into the parking lot. They grabbed equipment and stretchers and started running into the building. So, along with a bunch of other people, I picked up one end of a gurney and ran in with them. And once I got into the building, I tried to peel away from the group and head downstairs to the basement in the AOC hallway. But the smoke was so thick and the stairway was dark that I couldn't make it. There was nobody in the stairway either. So, I made my way back to the medical folks who were setting up triage stations in the Pentagon Center courtyard. Some Air Force General had organized everybody in the courtyard into various triage team functions. For at least a couple of hours, I sat as part of a stretcher team waiting for casualties to come out. But nobody ever did. We heard the firemen try and try to get through to the crash site, but the fire was way too hot. They couldn't get through, and they tried numerous paths to get in, but all failed. I learned later that the casualties were brought out through the outside of the building, but we didn't know that then either. There were about 200 of us in there sitting around hoping to do something useful. The longer we sat there, though, the more we all knew that there weren't going to be many survivors. I left my cell and beeper back in the office before I went to my meeting, except for my palm pilot. I actually wrote the first version of this account on my palm while I sat in the center courtyard waiting to do something useful. It didn't matter, though. Nobody was getting through on their cell phones. The grid was jammed. Finally, late in the afternoon, somebody yelled that he got an open line with his wife, so about 30 of us lined up to tell the guy's wife our home phone numbers so that she could call our spouses and tell them that we were okay. Finally, around 5 o'clock, I saw Richard Barger, one of my AOC folks walking around the courtyard looking for food. When the first plane hit the World Trade Center, the AOC activated the Crisis Action Team or CAT. When the plane hit the Pentagon, leadership just closed the doors to the AOC and hunkered down. Richard was so happy to see me. Since everybody in the AOC hadn't heard from me, they feared the worst, and I had no idea what happened to them. So Richard quickly ran me down to the AOC. And by the way, no smoke, plenty of lights. I wondered to myself if I had hallucinated the entire thing. When I finally arrived, it was like a mini reunion. I was glad that they were not on fire, and they were glad that a plane didn't land on me. After the plane hit the building, the resulting fire and smoke began traveling down the hallways in the basement towards the AOC. The smoke was so thick that the leadership team was close to ordering the evacuation of the command center. But Al Neder, one of the guys that worked on my communications team, he's one of those kind of rare renaissance men. You know, he knows a little something about everything from thermodynamics to field dressing rabbits in the woods. He surveyed the situation, analyzed the airflow in the basement, and determined which doors to leave open and which doors to close in order to redirect the smoke away from the AOC. I'm guessing that his actions are what cleared the way of smoke when Richard Barger and I made our way there around 5 p.m. and allowed the AOC leadership to stay in place. He really did save the day. My hat's off to you, Al. When I finally arrived back to the AOC about 1800 now, the place was organized chaos. Because of those redundancies we had worked on for the previous two years, we were the only army organization that still had phones, computers, and internet access. Everybody else that didn't descend in on us to get access, including the other services. I have never seen so many general officers in one place. We were literally running power cords and ethernet cables through the hallways, setting up temporary desks in the middle, plopping spare computers on them, and telling generals to "sit." My lovely wife, Kathy, really did have the harder part of the day. I mean, I knew I was okay, but she didn't, and I couldn't get through to her all day long. Friends and relatives were calling her to see if I had survived, and of course she didn't know, and worried about me getting a busy signal if I ever got a chance to call. She didn't get the word that I was saved until about 3.30 p.m. That's when the wife of the guy in the Pentagon courtyard, who took home phone numbers from the 30 of us, finally called Kathy. She announced herself as being from the Department of Defense. I guess she was trying to be professional about it. To Kathy though, she thought she was getting the official notification about my death. For a couple of seconds there, she thought she was a widow. Very early the next morning, the AOC, now the crisis action team, or CAD, conducted the first official status meeting since the event. All the watch officers were there. The AOC commander, General Peter Corelli was there. The secretary of the Army was there, Thomas White. When they got to the point in the briefing that discussed communications, there was one slide that listed the systems that supported the AOC and the Pentagon. Over 30 if you included all the services from the Navy, Marines, and Air Force, the Joint Systems, and the AOC systems. It was a simple slide with a red or green bullet indicating up or down. The entire slide was red, except for the five AOC systems they listed. At that moment, I realized that the resiliency work that my team did during two years before 9/11 probably saved the day for the AOC. Without it, they would have been deaf for hours if not days immediately after. Years later, I would look back at that moment out of all the things that I got to experience in my 30-year career, both in the military and the civilian world. I would point to that moment as the event that I was the most proud. After the status meeting, the smoke and fire were still a potential threat to the AOC. The leadership team needed to consider an alternate location to move the AOC too. They immediately rejected side R as being too far away from DC to be useful, about 88 miles away. They considered Fort Belvoir 19 miles away south of the Pentagon. General Corelli told me in three other civilians, and forgive me, I can't remember their names, to go to Fort Belvoir to recon the Inscom headquarters or the U.S. Army Intelligence and Security Command, and to coordinate with the Inscom staff for a potential jump of the AOC. So the four of us jumped into somebody's car and drove over to Belvoir. When we got there between 7 am and 9 am, I can't remember exactly. Everybody was trying to get to work, but the post was locked down. After 9/11, the base commander went immediately to something called force protection delta, which is to say that the military police were inspecting every car trying to get on post with a fine-tooth comb. The car line to get into Belvoir stretch back miles on Highway 1, but we were in a hurry. To our good fortune, the driver of our car was also an auxiliary policeman. On his own dime, many years before, he had gone to Walmart and purchased a blue light police bubble for uses and parades and such. He slapped a flashing blue light on the roof of the car, pulled out of the Highway 1 line, and raised to the Belvoir front gate. In the middle of force protection delta, the gate MPs didn't waste a minute. They saw a flashing blue light from a car full of strangers and immediately waved us in. They didn't even stop us to ask us what we were doing. Don't! I hope that made it into the after-action report. Maybe don't accept, as a valid security credential, a flashing blue light from Walmart during force protection delta. I'm just saying. By the way, the AOC leadership team never jumped the operation to an alternate location. That evening, a few of us did a recon of the Pentagon to survey the damage. We ran into an old classmate of mine, John Quig, doing the same. He was trying to salvage as many of the office computers and servers that he could that were located in and around the vicinity of the Flight 77 plane crash. The problem he had was that since the crash, the Pentagon security forces had locked the building down tight, especially close to the crash site. They were in no mood for the potential of another attack from some random person wandering into the building from off the streets. The only people that had free access were the firemen and the rescue workers trying to find survivors and trying to put out fires. The security forces weren't going to let John anywhere near the office's adjacent to the crash site. While John was wandering around, though, he came across a set of firemen's equipment piled in a corner with nobody around to claim it. He decided to borrow the equipment using air quotes here to facilitate his search. When we ran into him, he was dressed in full firemen's regalia, complete with a hat and axe, pushing at least two large industrialized laundry dumpsters filled with computer equipment, and nobody has sold him from then on while he made his search. Later that evening, we found our way to the Pentagon's messaging center where, among other things, all the classified messages to and from the Pentagon were printed and stored. There was hardly anybody there. Most had evacuated the building before noon, but we found giant boxes of printed messages for General Shinseki, the Army's chief of staff, that had obviously been filling up for most of the day. We weren't sure if the general had seen them. You could do them electronically if the systems were up, but we didn't know the status. So a couple of us hauled the boxes over to the general's office around midnight. He was the only one there, sitting at his desk going through some papers. And you know what he did? He asked if we were okay, and he asked if anybody was hurt. We asked him what he wanted us to do with the message boxes, and he told us where to put them. The day after 9/11, American citizens just wanted to help. They were afraid and confused and felt helpless and wanted to do something, anything, to help hook the country back together. At some point, local restaurant chain owners and fast-food restaurant owners hauled their mobile platforms out to the Pentagon parking lots and cooked food for any soldier that was hungry. I remember Burger King and McDonald's, Outback Steakhouse, Pizza Joints Too Many to Remember, and many others. For all the soldiers working shifts 24 by 7 immediately after the event, if any of them were hungry, all they had to do was walk out to the parking lot to get free food. Those restaurant owners stayed out there for weeks. It was as if they couldn't do enough. My boss, Colonel Bruce Bacchus, one of the original Army animators, by the way, was a big smoker, but he couldn't smoke in the building. So consequently, he held impromptu meetings with his staff in the gaps between the Pentagon's hallway rings. Picture an uncovered back alley wide enough for maybe one compact car to fit through, complete with dumpsters and wiring infrastructure that supported the building. It wasn't dirty. This was the military, for goodness' sake. But it was industrial. One late night evening, it was like two in the morning, a couple of weeks after 9/11. Bruce was holding court in the gap between the E-ring and the D-ring. Off in the distance, we saw an electric golf cart approaching us with two civilians as passengers. With all the bizarre things I saw after 9/11, two civilians in the golf cart traveling in the gap between the E-ring and the D-ring at 2am wasn't normal. They stopped their car at our gathering space and we saw immediately that they were hauling big white plastic paint buckets that were holding a large collection of Burger King Whoppers. Apparently, the Burger King and the parking lot had made all of these burgers, but not enough soldiers showed up to eat them. The civilians said that by law, the restaurant owner couldn't keep them to sell the following day, so he had to throw them out. The civilians promised that they would find the burgers at home for the evening and asked if we knew of anybody that would like some. Well, we just happened to have at least 100 people working a shift in the Army Operations Center and those people are always starving. So, each member of Bruce's staff grabbed a couple of whopper paint buckets and hauled them into the skiff and announced to the watch officers a feeding frenzy. I was literally tossing whoppers like slow-pitched softballs across the AOC to the hungry mob. Sometimes I actually hit the target. Days after 9/11, military and civilian personnel had finished collecting the salvageable computers, servers, and networking gear that went offline as a result of the plane crash. These represented some of the 32 communication systems breached in the AOC on that first day. We put them into an empty basement data center room that used to host mammoth mainframes back in the day. Prior to the crash, all these computers and networking equipment were scattered throughout the building, but now we moved them all to the centrally located space. We put them on the floor and reconnected them with power cables, extension cords, and ethernet cables. The wiring looked like some giant spider who spent the afternoon building a web in there. It all smelled like jet fuel. The first time we turned everything on, sparks flew through the air. The weeks went by in a blur. There was always 15 more things that we needed to do to keep the AOC humming. I can't remember the first time I went home. It must have been days after. I remember arriving late in the evening. The kids were already in bed asleep. I held Kathy for a good long time. It took a nice hot shower, put on a fresh t-shirt and shorts and fell into bed. About a minute later, Kathy says that I jumped out of bed and headed down to my youngest room, Kimmy, almost five years old at the time. I picked her up and hauled her back to our bedroom where I put her on my chest and fell right to sleep. Weeks later, the chaos had subsided to a normal rhythm randomly while I'd find myself blinking back tears at the enormity of it all. 2,977 Americans died that day from the four terrorist flights. At the Pentagon, 64 passengers from Flight 77 and 125 people who were inside the Pentagon at the time lost their lives. Within a month, somebody hung a very large picture at the Pentagon entrance. It showed the fire crews, some soldiers and a couple of civilians only hours after the crash, dripping a giant American flag over the outside of the Pentagon adjacent to the crash site. It shook me up every time I saw it. I attended numerous memorials during these days just after the event. At one, an officiating general said something that really stuck with me. He was commenting on this weird reunion-esque quality that an assignment at the Pentagon had before 9/11. Senior officers and a listener who ended up at the Pentagon late in their careers had met a lot of people at this point in their travels. As you walked the 17 miles of Pentagon hallways, you would inevitably run into somebody from a previous unit, spend a moment to catch up on careers and family, and depart saying something like, "Hey, it's good to see you." The general said the phrase had new meaning these days. When you run into an old colleague, you are generally delighted that they are alive and healthy. It's really good to see you. After all, we all started going back to the Pentagon gym to burn off some steam. I was in the shower after one worked out and saw an old friend of mine, Paul Abel, showering in the opposite corner. We went to basic training together, the military academy prep school, West Point, and we were both stationed in Fort Polk in our first assignments as second lieutenants. But we hadn't seen each other in years. We were so excited to see each other alive that we met in the middle and gave each other a robust, brotherly embrace, completely naked in the gym shower room surrounded by other naked military personnel. So that happened. So here we are, 20 years later, wondering what it all meant. It's not hard to see the aftermath. Longest US war in history, countless lives lost from the ranks of US military, DoD civilians, and civilian contractors, not to mention the collateral damage to the local populations where we operated. Enormous monetary cost and arguably a giant hit to the American exceptionalism myth. On the other hand, the event was a showcase for how some Americans embody that American exceptionalism ideal. The passengers of Flight 93, the New York City firefighters, and first responders. The Walter Reed doctors and nurses, the woman who took our phone numbers so that our spouses could stop worrying. Al Neter, John Quig, the restaurant owners in the Pentagon parking lot, and my entire AOC communications team. That one day of shock and fear, 20 years ago, started it all. Whenever it happens next is anybody's guess, but on 9/11/2021, we can finally close the book on this face. This September 18th and 19th in Denver, a tight community of leading experts is gathering to tackle the toughest cybersecurity challenges we face. It's happening at M-Wise, the unique conference built by practitioners for practitioners. Brought to you by Mandiant, now part of Google Cloud, M-Wise features one-to-one access with industry experts and fresh insights into the topics that matter most right now to frontline practitioners. Register early and save at mwise.io/cyberwire. That's mwise.io/cyberwire.
