Critical Cyber Needs Include People, Partners, General Says
By Cheryl Pellerin
American Forces Press Service
WASHINGTON, July 2, 2013 Despite the inherent technical “geekiness” of cyberspace and urgent Defense Department efforts in that area, people and partners are among DOD’s most critical cyber needs, the senior military advisor for cyber to the undersecretary of defense for policy said last week.
Navy Lt. John Knolla mans the tactical action officer watch in the combat direction center aboard the Nimitz-class aircraft carrier USS Ronald Reagan during Exercise Valiant Shield 2006 in the Philippine Sea. Valiant Shield focuses on integrated joint training among U.S. military forces, enabling real-world proficiency in sustaining joint forces and in detecting, locating, tracking and engaging units at sea, in the air, on land and in cyberspace in response to a range of mission areas. U.S. Navy photo by Airman Christine Singh
(Click photo for screen-resolution image);high-resolution image available.
Army Maj. Gen. John A. Davis spoke to a large audience at the June 25-27 Armed Forces Communications and Electronics Association International Cyber Symposium in Baltimore.
Cyber partnerships such as those with the National Security Agency and the Defense Intelligence Agency and external partnerships such as those with industry, international allies and academia represent a transformation in the way DOD approaches cyber, Davis said.
For more than two years, he said, “DOD has been fundamentally and deliberately transforming the way we think, the way we organize, the way we train and equip, the way we provide forces and capabilities, the way we command and control those forces, the way we operate and the way we insure leadership and accountability for cyberspace operations.”
Even the general’s job as military advisor for cyber, a new position formally approved in August in an environment of reduced resources, “is an indication of how seriously senior department leaders are taking this subject,” he said.
The standup of U.S. Cyber Command in 2010 was part of this transformation, he said.
“It brought together disparate cyber functions of operating our networks, defending our networks and applying offensive capabilities against adversary networks,” said Davis, adding that Cybercom’s collocation with the National Security Agency at Fort Meade, Md., greatly improved DOD cyber capabilities.
“There’s a much better integration of intelligence through NSA’s hard work,” the general said. “From shared situational awareness to a common operational picture, NSA is doing some really great work. Leveraging their skills and expertise is not only an operational advantage, it’s a necessity.”
Beyond NSA’s technical focus, Davis said, DOD needs broad strategic context for intelligence to fulfill its cyber mission and that DIA, along with other intelligence community organizations, plays a critical role.
Ultimately, people and organizations who work against the United States and its allies in cyberspace are behind the development of malicious code and software, he said.
“This is where DIA is helping us refine and improve our indications and warning so it’s not limited to actions taking place at the speed of light, but actions by humans and organizations and processes that might help us … act with more options for leadership decisions,” the general added.
As it does with interagency partners at the Department of Justice’s FBI and the Department of Homeland Security, DOD builds capabilities in cyberspace by working with industry, international partners and academia.
In its work with the defense industrial base, or DIB, DOD is the sector-specific agency under Homeland Security for interacting with the DIB.
In 2010, the voluntary DIB Cybersecurity Information Assurance, or CS/IA, effort opened as a permanent program after a pilot period with 34 companies. Activities under the program enhance cybersecurity capabilities to safeguard sensitive DOD information on company unclassified information systems.
With the publication of a federal rule in 2012, DOD expanded the program, and nearly 100 companies now participate. At the same time, the optional DIB Enhanced Cybersecurity Services, or DECS, became part of the expanded DIB program.
Homeland Security officials said DECS is a voluntary program based on sharing indicators of malicious cyber activity between DHS and owners and operators of critical infrastructure. The program covers 18 critical infrastructure sectors, including banking and finance, energy, information technology, transportation systems, food and agriculture, government facilities, emergency services, water, and nuclear reactors, materials and waste.
“DOD relies heavily on critical infrastructure, which is in part why the department has a role to play in providing support to defend these commercial systems,” Davis said. More than 99 percent of electricity and 90 percent of voice and communication services the military relies on come from civilian sources, he noted.
“Defending our networks is a challenge that’s not getting any easier because of our reliance on key networks and systems that are not directly under DOD’s control,” the general observed.
Davis said the DIB CS/IA program and DECS “are part of a whole-of-government approach to improve the nation’s cybersecurity posture. It’s a holistic approach, because that’s what’s required in order to achieve this goal.”
DOD international engagement supports the U.S. International Strategy for Cyberspace and President Barack Obama’s commitment to fundamental freedoms, privacy and the free flow of information, and the right of self-defense, Davis said.
DOD’s ongoing cyber engagement with allies and close partners takes many forms, he added, including sharing information about capabilities and processes, warning each other about potential threats, sharing situational awareness and fielding more interoperable capability.
Such engagement includes joint training venues and exercises, he said -- “everything from tabletop exercises to more sophisticated exercises, and we’re doing joint training and putting cyber into our bilateral exercises on a more regular basis.”
With the State Department and other interagency partners, the general added, DOD participates on cyber matters in bilateral, multilateral and international forums, such as the United Nations and NATO.
“As an example of a critical bilateral relationship,” he said, “I’ve had the great honor twice in the past year to engage as part of a U.S. academic and government interagency forum with counterpart Chinese academic and government organizations.”
The last meeting was in Washington in December, Davis said.
“We recognize China as a rising power and one of the world’s leading voices in this discussion, so senior government officials across the interagency have actively engaged their Chinese government counterparts, including their military [counterparts] … in a number of ways already and we would like to see those engagements expand,” Davis said.
On July 8, DOD officials and several interagency partners “will hold a working group meeting on cyber with our Chinese counterparts to talk about this directly and to strive for concrete solutions with actionable steps for progress,” he added.
DOD’s partnership with academia addresses what Davis describes as the department’s biggest challenge going forward: building the cyber workforce.
“DOD is looking at ways to fundamentally change the way it recruits, trains, educates, advances and retains both military and civilians within the cyberspace workforce,” he said. “The vision is to build a system that sustains the cyberspace operations’ viability over time, increases the depth of military cyberspace operations experience, develops capable leaders to guide these professional experts … and ensures that we build real cyberspace operational capability from within our human resources into the future.”
The department is looking to partner in new ways with other federal, academic and private institutions, he said, to attract and retain skilled professionals in cyberspace.
“While cyber is always viewed as a technical area,” Davis said, “the fact is it’s always about people. People are going to make the difference in cyber, just as they have in every other dimension of DOD operations. So we must get the people part right to guarantee success for the future.