WASHINGTON, September 9, 2015 —
The commander of U.S. Cyber Command described the role of deterrence in the cyber world, the problems of defending against cyber enemies, and “operationalizing” cyber capabilities in the Defense Department during a discussion at the Woodrow Wilson International Center for Scholars last night.
Navy Adm. Michael S. Rogers stressed that these cyber challenges face all Americans. Wilson Center President Jane Harmon demonstrated the truth of that statement by asking anyone in the audience who had not been hacked to raise his or her hand. Not a soul did.
Defense of the cyber realm requires solving the challenge of “bringing together a broad expanse of organizations with different expertise, different capabilities, different perspectives inside the government, outside, whether they wear the uniform or in civilian clothes,” Rogers said. “How do we bring this together in a coherent way as a nation to deal with problems that are only growing in their complexity?”
Cybercom is tasked with defending DoD networks from attacks, and the command is at war 24/7, the admiral said. The command also responds to cyber attacks and develops the capabilities that provide options to civilian leaders and combatant commanders.
Cybercom “must learn, even as we build capabilities of the future,” Rogers said. “This is a long-term effort. It always reminds me of the counterterrorism piece in that regard. It will require a sustained focus at multiple levels.”
The admiral emphasized the need for legislation governing the cyber world, noting that it is not a panacea, but necessary to establish “rules of the road.” He also emphasized the need for public and private entities to work together.
Americans Expect Cyberattacks
Harmon asked Rogers if there was the danger of a “cyber Pearl Harbor.” The admiral said the image of the Pearl Harbor attack that precipitated U.S. entry into World War II was “a bolt from the blue” that America did not expect and had little defense against.
Americans expect cyberattacks, and the potential targets of those attacks -- both public and private -- have defenses, the admiral said.
“I expect in my time as the commander of United States Cyber Command, the command will be called about its mission of responding to cyber incidents of significant consequence,” he said. “It’s not ‘if,’ it’s ‘when.’ All of us, we’ve got to generate action and not just talk. Because in the end this is about a very real set of capabilities and circumstances out there that aren’t something imaginary.”
The Sony attack, the Office of Personnel Management hack and the attacks on Aramco in Saudi Arabia all show the capabilities of cyberattacks, Rogers said. “There isn’t a segment in our society that hasn’t had to deal with this,” he said.
Defense and prevention efforts in cyberspace must abide by the rule of law, the admiral said. U.S. Cyber Command and the National Security Agency operate in a free and open republic, he added. “We cannot attempt to override [the laws] or pretend that they are not relevant to what we do,” Rogers said. “If we can’t engender trust in the nation we are serving, we are doomed to failure.”
The Role of Deterrence
The admiral said deterrence in the cyber realm has an offensive aspect to it, but defense also plays a role. Classic means of deterrence rely on convincing an opponent that they will fail despite their best efforts. “That’s one reason in the department we are investing a lot of capability … to make it harder for opponents to actually penetrate our networks,” he said.
The second idea is convincing opponents that, even if they succeed, the cost they would pay would far outweigh any value that would be generated, he said. “It’s part of the reason that when we came up with the [DoD cyber] strategy -- in an attempt to deter behavior -- we would talk about the department’s intent to generate a spectrum of capability from the defensive to the offensive,” he said.
Deterrence works with nation states, but will it work against non-state actors? Rogers doesn’t have an answer for that, but noted that “every group, every individual, values something. There’s a way that we can highlight that which you value and potentially threaten if you continue to pursue destabilizing courses of actions.”
(Follow Jim Garamone on Twitter: @GaramoneDoDNews)