HomeNewsArticle

Cybersecurity Demands Culture Change, DoD Official Says

By Lisa Ferdinando DoD News, Defense Media Activity

PRINT  |  E-MAIL

WASHINGTON, Sept. 18, 2015 — A change in culture is needed to protect against threats in the rapidly changing cyber domain, the Defense Department's chief information officer said here yesterday.

"What keeps me awake is 'Will we get the cyber culture right?'" said Terry Halvorsen, opening a daylong cybersecurity meeting of government and industry experts. At the 6th Annual Billington Cybersecurity Summit, Halvorsen highlighted three areas in cyber culture he said need to be addressed: discipline, economics and enterprise.

Cyber, the fifth domain in warfare, is different from other warfare areas because of the rapid speed at which things change, he said. With the evolving threats, the thinking on cybersecurity needs to evolve as well. "Culture is the hardest thing to change," he said. "That's why it keeps me awake at night."

The United States is dependent on cyber more than probably any other nation, certainly more than any other military in the world, he said. While that gives America some "really powerful advantages" in warfare and business, he said, it also makes it the "most vulnerable to cyber interdiction."

Cyber-Economics

A threat, whether a criminal or a nation-state, can spend a "fairly small sum of money and cause us to spend quite a bit of money," Halvorsen said. "Right now, we are on the wrong side of that cyber-economic curve."

Better discipline, Halvorsen said, would raise the "cost of entry," thwarting some of the smaller players.

"Today almost anybody with a laptop, a little bit of sense and a little bit of money can go on the Internet, download some tools and cause a problem," he said.

There is a need for a culture and understanding that there are "rules of engagement " and "rules of the road that apply whether you are inside DoD or frankly if you are on your own [computer] system," he said.

"We are focused on building, generating, sustaining and ensuring we have a ready cyber force within the Department of Defense," said Air Force Lt. Gen. James "Kevin" McLaughlin, the deputy commander of U.S. Cyber Command.

In 2013, the command embarked upon a "four-year sprint" to bring 133 new cyber teams together across the military services, involving some 6,200 people, he said. The command is about half-way through in creating the teams, he added.

"In some cases, we're employing these units before they're even at initial operating capability when they have recognizable units that can function because the need for them is so dire," McLaughlin  said. "We're aggressively putting capability in the fight."

Cyber Ops, Threats Everywhere

"Cyber, unlike probably any other warfare area in the past, is completely ubiquitous in everything we do," Halvorsen said.

Cyber is unique from the other domains, he said, because it is so interconnected and has no geographical boundaries. "It is going to require us to be more enterprise in our cultural understanding and actions with it," he said.

DoD civilian and military leaders need to understand the importance of cyber defense, Halvorsen said, adding that "we've got to get cyber into every level of command."

Cyber operators are "wrestling daily with the challenges of operating a domain while also simultaneously defending it," according to Air Force Brig. Gen. Robert Skinner, deputy commander, Joint Force Headquarters-Department of Defense Information Networks.

"We constantly balance the risk with the inherent capabilities in the cyber domain to ensure our warfighters are successful in everything that they do," Skinner said.

Cyber was made the fifth operational domain in 2010, and the first functional one, he pointed out. "While we've held a decisive and dominant advantage in all the other domains, that's not necessarily the case in the cyber domain," Skinner said.

Follow Lisa Ferdinando on Twitter: @FerdinandoDoD)