Official Details DOD Cybersecurity Environment
By Jim Garamone
American Forces Press Service
WASHINGTON, Oct. 20, 2010 Cyberspace is a new world and a new domain for combat. The Defense Department is working to understand the threats and opportunities that this new domain poses.
Robert J. Butler, deputy assistant secretary of defense for cyber policy, is one of the officials charged with developing defense capabilities in this crucial domain. And there has been progress.
“For the past 14 months, we have been trying to continue to grow [U.S.] Cyber Command and its capabilities, at the same time looking at strategy and policy,” Butler told reporters at the Defense Writers’ Group here today. “We need to find ways to operate more effectively in cyberspace.”
DOD needs new operating concepts for the new domain. The department has done a lot of work in systems, education and training, “and beyond that, things like active defense and new ways of looking at resiliency and new ways to operate in different environments,” he said.
It comes back to the warfighter, he said. The DOD cyber world needs to focus on ensuring warriors can deploy, get the information they need when they deploy, track supplies and personnel and ensure logistics, he explained. They also must remain in contact with neighboring units and the home front, along with a variety of other tasks, he added.
Defense Department officials have reached out to Great Britain, Australia, Canada and NATO to defend against cyber threats that include nations, rogue states, terrorist groups, criminal gangs and just plain hackers, Butler said.
“The focus within the strategy is to go ahead and build partnerships with like-minded nations in the areas of shared awareness, shared warning and collective response,” he said. “As we move forward, we are trying to build capacity at one level, and at another level – interdependence – you are actually laying a foundation for deterring bad behavior in cyberspace.”
Operations in Afghanistan and Iraq – and the trust those operations have built among the coalition – have helped to speed this international cooperation, Butler said.
The threat constantly changes, and the department has to keep on top of this aspect of cybersecurity, Butler told the group. “Every day, people think of new ways to use the Internet,” he said. “As I look at the advent of social networking sites and what that has done, people have learned to use the Internet to not only communicate in traditional ways, but to build new networks that create both opportunities as well as threats.”
The cyber domain is new, and policy has not caught up to reality. Government and private officials are grappling with basics such as what constitutes a cyber attack and who has responsibility to defend against threats. The White House is leading the effort, Butler said, but it is clear that the Department of Homeland Security has the lead inside the United States. The Defense Department has responsibility to defend military networks, and can assist Homeland Security and other civilian agencies when required and ordered.
Who does what and when they do it is under discussion with other government agencies.
“We have our viewpoints laid out, and we’re trying to determine the best way to move forward,” Butler said. “One of the key things is to agree on the taxonomy. We hear a lot of discussion about cyber war and cyber attacks, and there’s legal terminology with hostile intent, hostile acts. Making sure everyone understands the taxonomy is really important.”
Butler credited the Homeland Security exercise Cyber Storm 3 with helping officials think through responses. The national cyber incident response framework exercise, conducted at the end of August, looked at the way the U.S. government and private industry faced a cyber threat.
“We were able to work out what the threat was, what the appropriate response was, who takes action, how do you determine conditions and postures,” he said.
The exercise included federal and state entities, the private sector and international partners. “It was a huge learning experience for the department,” he said.
But no one can stand still, Butler said.
“We recognize as we face this evolving threat that more will be required,” he said. “The question is what kind of hybrid models, what kind of rules, what kind of things do we need to counter a threat that continues to advance? We’ve got congressional support. We got a blueprint, and we’re working on it.