‘Investing in People is Key’ at Cyber Command
By Cheryl Pellerin
American Forces Press Service
WASHINGTON, March 17, 2011 U.S. Cyber Command is building its workforce, launching efforts with industry and working with international partners to fulfill an important mission, the command’s leader said here yesterday.
Cybercom commander Army Gen. Keith B. Alexander and James N. Miller, principal deputy undersecretary of defense for policy, discussed the command’s 2012 budget request and other issues during testimony before a House Armed Services Committee subcommittee.
“People are the big thing” at Cybercom and “for our future investing in people is key,” Alexander told legislators.
Based at Fort Meade, Md., Cybercom is charged with providing connectivity and safeguarding DOD’s and allies’ worldwide information networks. The command reached full operational status on Oct. 31, 2010.
The cybersecurity budget request for 2011 is a little under” $3.2 billion and “a little over” $3.2 billion for 2012, Miller said.
Alexander said workforce costs comprise “the biggest portion” of Cybercom’s budget.
The next-biggest portion of Cybercom’s budget pie goes toward facilities and information technology infrastructure, the general added.
“That accounts for another 25 percent of the budget, and operations are the last part,” Alexander said.
Meanwhile, Cybercom is building capacity, he said, noting “the services are helping us do that.”
The general said the services are discussing requesting proficiency pay for military linguists working at Cybercom and those with other technical skills, although “right now that’s not an issue.”
“The other thing that we're looking at is how to collapse some of our military occupational specialties down into a few that allow us to look at the full spectrum [of cyber operations],” Alexander added. “I think we need to do that and the services have been wonderful in setting that up.”
A critical task for Cybercom, Miller said, “is to look hard at what we can do under existing authorities, including making better use of the Guard and Reserve.”
The type of people possessing the necessary skills for duty with Cybercom “will span a wider range than the standard profile for military service,” Miller said.
Outreach and pilot programs will help attract those with needed skills, Miller said, “so that they see what DOD can provide for their education and that they can make a contribution to national security as well.”
In January, Alexander said, the Navy Postgraduate School launched a technical master's degree course either in computer science or with majority of courses in cyber and cybersecurity-related disciplines.
“That's a step in the right direction,” the general said.
Innovative joint efforts with federal agencies, Internet service providers and the defense industry constitute another focus for Cybercom, Alexander told legislators.
On Oct. 13, 2010, Defense Secretary Robert M. Gates and Homeland Security Secretary Janet Napolitano announced an agreement for their agencies to work together on cybersecurity issues to protect critical military and civilian information technology infrastructure.
The agreement included a formal mechanism for benefiting from the technical expertise of the National Security Agency, which is responsible for protecting national security systems, collecting related foreign intelligence, and enabling network warfare.
“The department does recognize that we're dependent on both our partners in government -- the dot-gov and our partners in industry -- to be able to conduct and succeed in military operations,” Miller said.
Two efforts underway to address such issues, Alexander said, include the Enduring Security Framework and the Defense Industrial Base pilot program. The Enduring Security Framework, he said, is a partnership between government with DHS, DOD, the Director of National Intelligence and industry to look at critical cybersecurity issues.
If the partnership can identify common problems, Alexander added, “it's been our experience that industry, in developing much of that equipment, will go solve them, free to the government. That is a huge step forward and we've made some tremendous jumps in that area.”
Under the Defense Industrial Base pilot program are two sets of activities, Miller said.
“One is a broad defense industrial-base pilot in which we are sharing information about potential threats and looking at how to do that more effectively,” he said. “It's been a two-way street and very effective. We're looking to grow that.”
In the second part, Cybercom is working with several defense industrial base companies and Internet service providers in a technology-sharing project that has not yet been launched, Miller said.
“It's something that I hope we're very close to initiating, he added.
Working with international partners is another key element in Cybercom’s strategy, Miller said.
Because the United States “fights in a coalition,” he said, the U.S. military realizes “the security of our information and our operations both depend on the security of our partners’ and allies’ networks.”
Significant focus has been placed on working with the militaries of Great Britain, Australia, New Zealand and Canada, Miller said.
“We have long-standing relationships with them, and on intelligence issues, and that's been a good foundation for what we do in cyber as well,” he added.
Another significant effort over the past year, Miller said, involved working with NATO and making cybersecurity a key thrust of the NATO Strategic Concept at the Lisbon Summit.
“The cybersecurity center that's been established has begun to operate,” he said, “but we have a lot more work to do there in NATO in terms of implementing that effort.”
The command also is beginning to have “useful conversations” on cybersecurity with South Korea and Japan, Miller said.
“We also need to have conversations about cyber and other strategic issues with Russia and China,” he added. “We've made some headway with respect to Russia in having the initial conversations on cybersecurity.”
Asked what grade, on a scale of “A” to “F,” Alexander would give the Defense Department for its ability to defend its networks, the admiral said he would give DOD a “C.”
“When you look [from] the problems we had on our networks a few years ago to where we are today, it's a huge improvement,” the general said.
“I'd like to say an ‘A,’ but I think it's going to take us some time to get to an ‘A,’” which Alexander described as representing an impenetrable network.
“But we have made it extremely difficult for adversaries to get in, and every day we improve that,” the general said.