DOD Must Stay Ahead of Cyber Threat, Dempsey Says
By Claudette Roulo
American Forces Press Service
WASHINGTON, June 27, 2013 In its mission to defend the nation, the Defense Department must stay ahead of the ongoing technological revolution and its attendant rise in “anywhere, any time” cyber threats, the chairman of the Joint Chiefs of Staff said here today.
“As the defense community begins to focus inward on the implications of changing resources and this thing called sequestration, I think it’s important that we force ourselves to continue to look outward, at the changing world around us,” Army Gen. Martin E. Dempsey told attendees at a Brookings Institution forum.
Computers continue to be integrated into in everyone’s daily lives, the chairman said. “By this time next year, I’m quite certain that my toaster will be connected to the Internet and probably tweeting,” he joked. “But the spread of digital technology has not been without consequence. It has also introduced new dangers to our security and our safety.”
Dempsey told the audience that in his two years as chairman, he has focused on what this revolution means for the military. He has spoken with information technology experts, major tech company security teams, and spent time with an Internet service provider. He even met with a venture capitalist, he said.
“One thing is clear: cyber has escalated from an issue of moderate concern to one of the most serious threats to our national security,” Dempsey said. Now, the entire country could be disrupted by the click of mouse, he added.
To address these threats, the military must take on new missions, the chairman said.
“Cyber incidents have steadily escalated over the past year,” Dempsey said. Banks and oil companies have been targeted by sophisticated attacks, he said, and more than 20 nations now have military cyber units.
“This is the new normal in cyberspace,” Dempsey said. “Disruptive and destructive cyberattacks are becoming a part of conflict between states, within states, and among nonstate actors. The borderless nature of cyberspace means anyone, anywhere in the world, can use cyber to affect someone else.”
It isn’t enough to just strengthen cyber defenses on military systems, the chairman said. Intrusion attempts on critical civilian infrastructure systems have increased 17-fold over the last two years, he said. “The gap between cyber defenses deployed across critical infrastructure and offensive tools we now know exist presents a significant vulnerability for our nation,” Dempsey said.
In response to the threat, the Defense Department is growing its capacity to protect its own networks, and it’s adding a new mission: defending the nation, when asked, from attacks of significant consequence -- those that threaten life, limb, and the country’s core critical infrastructure, the chairman said.
Over the next four years, 4,000 cyber operators will join the ranks of U.S. Cyber Command, and $23 billion will be invested in cybersecurity, he said.
Three types of teams will operate around the clock at Cyber Command, Dempsey said. National mission teams will counter adversary cyberattacks on the United States. “A second and larger set of teams will support our combatant commanders as they execute military our missions around the globe,” Dempsey said. “The largest set of teams will operate and defend the networks that support our military operations worldwide.”
The most immediate priority is securing the “dot-mil” domain, the chairman said. “But in the event of a domestic cyber crisis,” he added, “our cyber forces will work in support of the Department of Homeland Security and the FBI, who lead our nation’s response in the dot-gov and dot-com domains.”
To ensure this force is able to operate quickly, the Defense Department now has a “playbook” for cyber, Dempsey said, noting that a presidential directive codifies how each part of the government will respond in the event of a serious cyberattack. Under this directive, the department has developed emergency procedures to guide its response to imminent, significant cyber threats, the chairman said.
The Defense Department is updating its cyber rules of engagement for the first time in seven years, he added, and also is improving mission command for cyber forces.
While cyber may be the nation’s greatest vulnerability, Dempsey said, it also presents the military with a tremendous asymmetric advantage. “The military that maintains the most agile and resilient networks will be the most effective in future war,” he told the audience. “This is the kind of force we are building for the future.”
Each branch of the military is doing its part, the chairman said, by investing in equipment and personnel that will ensure the joint force can operate in cyberspace as capably as it can on land, sea, air, and space. The next step is the planned Joint Information Environment, he said -- a single, easy to secure, joint network delivering data to the department’s personnel wherever and whenever they need it.
“As part of this new Joint Information Environment, we’re building a secure 4G wireless network that will get iPads, iPhones and Android devices online in 2014,” the chairman said. “With tools like this, the smartphone generation joining our military will help us pioneer a new era of mobile command and control.”
Although the Defense Department has made significant progress in embracing cyber, the nation’s effort to protect critical civilian infrastructure is lagging -- a worrisome vulnerability, the chairman said. Sharing information about cyber threats is one of the most important ways to strengthen cybersecurity across the private sector, he added, but threat information primarily is shared in only one direction: from the government to critical infrastructure operators.
“That has to change,” Dempsey said. “We can’t stop an attack unless we can see it.”
The country is debating the proper purpose and limits of intelligence collection for national security, the general said, but these are two entirely different issues, and it is a mistake to combine them.
“One is collecting the intelligence necessary to locate foreign terrorists and their potential domestic co-conspirators,” he explained. “The other is sharing information about malware to protect our critical infrastructure from a different kind of attack.”
Ultimately, he said, “it will take legislation to significantly strengthen our ability to withstand cyberattacks while safeguarding civil liberties.”
Information sharing is just one path to safer network operations, the chairman said. Others include improved cybersecurity standards and the establishment of internationally recognized rules for responsible behavior in cyberspace.
“The rise of cyber is the most striking development in the post-9/11 national security landscape,” Dempsey told the audience. “We are doing everything we can inside the military to be ready to operate in cyberspace. I call on our elected officials and the private sector to match the urgency. Together, we must place this nation on surer footing against the cyber threat.”