Cybercom Builds Teams for Offense, Defense in Cyberspace
By Cheryl Pellerin
American Forces Press Service
WASHINGTON, Mar. 12, 2013 As escalating rounds of exploits and attacks mar the strategic landscape of cyberspace, U.S. Cyber Command is standing up a highly trained cadre focused on national defense in that domain, the Cybercom commander told Congress today.
Army Gen. Keith B. Alexander told the Senate Armed Services Committee that the command is developing teams that will protect the nation’s interests in cyberspace, along with tactics, techniques and procedures, and doctrine describing how the teams will work in that environment.
“These defend-the-nation teams are not defensive teams, these are offensive teams that the Defense Department would use to defend the nation if it were attacked in cyberspace,” said Alexander, who also serves as National Security Agency director. “Thirteen of the teams we’re creating are for that mission set alone. We’re also creating 27 teams that would support combatant commands and their planning process for offensive cyber capabilities.”
Cybercom also has a series of teams that will defend DOD networks in cyberspace, the general said.
The intent at Cybercom is to stand up roughly one-third of the teams by September, the next third by September 2014, and the final third by September 2015, he added.
“Those three sets of teams are the core construct for what we’re working on with the services to develop our cyber cadre,” he said, adding that the effort is on track thanks to efforts by the service chiefs, who are pushing the initiative.
Training is key to the teams’ development, the general said. “The most important partnership we have with NSA and others is in ensuring that training standards are at the highest level,” he added.
Alexander told the panel that, from Cybercom’s perspective, the environment on the strategic landscape of cyberspace is becoming more contentious.
“Cyber effects are growing. We’ve seen attacks on Wall Street -- 140 over the last six months -- grow significantly. In August, we saw a destructive attack on Saudi Aramco, where data on over 30,000 systems was destroyed,” he said.
In industry, the antivirus community of companies believes attacks will increase this year, Alexander said, “and there’s a lot we need to do to prepare for this.”
The general said command and control is an important part of Cybercom’s cyber strategy. Combatant commands and service chiefs are looking at the command and control of working together, he said.
“We’ve done a lot of work on that, and have ironed out how the joint cyber centers at each combatant command will work with Cyber Command, how we push information back and forth, and how we’ll have operational and direct support of teams operating in their areas,” Alexander said. “We’ll have more to do on this as the teams come online.”
Another important part of the strategy is situational awareness, the general said, or seeing an attack unfold in cyberspace.
“Today, seeing that attack is almost impossible for the Defense Department,” he said. “We would probably not see an attack on Wall Street -- it’s going to be seen by the private sector first, and that [highlights] a key need for information sharing.”
Such sharing has to be real-time from Internet service providers to the Defense Department, the Department of Homeland Security and the FBI, all at the same time, the general said.
“If we’re going to see [an attack] in time to make a difference, we have to see it in real time,” he said. And companies that are sharing the information with the Defense Department have to have protection against privacy lawsuits from customers and other potential liabilities, he added.
Legislation that would have provided some of these protections along with a national cybersecurity framework failed to pass the Senate in August, and in an Executive Order signed Feb. 12, President Barack Obama directed federal departments and agencies to use existing authorities to provide better cybersecurity for the nation.
“The Executive Order issued last month is a step in the right direction, but it does not take away the need for cyber legislation,” Alexander said, pointing out that that civil liberties, oversight and compliance are critical for Cyber Command and NSA in operating in cyberspace.
“We take that requirement sincerely and to heart, … [and] we can do both -- protect civil liberties and privacy and protect our nation in cyberspace,” he said. “That’s one of the things we need to educate the American people about.”
Cyber Command experts also are building an operational picture the command would share with combatant commands, the DHS, the FBI and other national leaders, and the command also is working hard on authorities and policies related to DOD activities in cyberspace, Alexander said.
“This is a new area for many of our folks, especially within the administration, within Congress and for the American people,” he acknowledged. “We’re being cautious in ensuring that we’re doing that exactly right and sharing the information we have with Congress.”
No one actor, the general added, “is to blame for our current level of preparedness in cyberspace.”
“We must address this as a team, sharing unique insights across government and with the private sector,” he added. “We must leverage the nation’s ingenuity through an exceptional cyber workforce and rapid technological innovation.”
The U.S. government has made significant strides in defining cyber doctrine, organizing cyber capabilities and building cyber capacity, Alexander told the panel.
“We must do much more to sustain our momentum,” he added, “in an environment where adversary capabilities continue to evolve as fast as or faster than our own.”