An official website of the United States Government 
Here's how you know

Official websites use .gov

.gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS

A lock ( lock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

DOD Cyber Leaders Address Threats, Resilience, Working With Industry

You have accessed part of a historical collection on defense.gov. Some of the information contained within may be outdated and links may not function. Please contact the DOD Webmaster with any questions.

A lot’s changed on the cyber front in the year since U.S. Cyber Command became a full and independent unified combatant command, and since Army Gen. Paul M. Nakasone took over as commander and as director of the National Security Agency.

Nakasone and Dana Deasy, the Defense Department’s chief information officer addressed those changes to the cyber security environment and how DOD is responding at the 2019 Armed Forces Communications and Electronics Association conference in Baltimore, May 14.

Three men sit in chairs around a small table.
TechNet Cyber
Francis Rose, host of “Government Matters,” talks with Army Gen. Paul M. Nakasone, commander of U.S. Cyber Command, and Dana Deasy, the Defense Department’s chief information officer, during the Armed Forces Communications and Electronics Association’s annual TechNet Cyber meeting in Baltimore, May 14, 2019.
Credit: DOD video still
VIRIN: 190517-D-ZZ999-005C

Changing Threat Environment

''First of all, I would say certainly the threat is more adaptive, the threat is more capable and the threat is more pervasive,'' Nakasone said. ''All of the things that you've heard in so many different spectrums: the barriers to entry remain low, the capacity and capabilities of our adversaries are improving.''

Nakasone said what’s also changed is the focus of the National Security Strategy. The strategy has shifted to ''great power competition'' with near-peer adversaries, versus the 17 or more years of operations involving violent extremist organizations, such as in Iraq and Afghanistan.

''We're very proud of the work that's been done,'' he said. ''At the same time, we also know that our adversaries have changed and so the targets ... what we have to be concerned about for the future are obviously there as well.''

Hundreds of lines connect white dots, forming a globe-like sphere.
Cyber Command
The entirety of Defense Department information networks must be protected by U.S. Cyber Command.
Credit: DOD video still
VIRIN: 190517-D-ZZ999-004C

Other changes include technology, he said, including 5G wireless, which promises to be as fast if not faster than today’s wired broadband technology.

''We stand on ... the verge of fifth-generation wireless in the next 12 months,'' Nakasone said. ''Both Dana and I have been very, very busy with regards to machine learning and artificial intelligence. How do we ensure that you know the power of data that we know is there can be applied to utilized and leveraged by our department? Those are the things that are driving us right now.''

Nontraditional Solutions

As DOD’s top information technology executive, Deasy said the department will need to do some work to help industry better understand the things it needs to meet new challenges in cyber.

''This is where something's not that different coming from [the] private sector into government, insofar as I think [for] CIOs, generally one of the responsibilities they have is to make sure that industry understands what we're looking for, [and] can explain it in a way that makes it accessible for them to describe products and solutions,'' he said.

Service members sit at computer screens.
Cyber Shield 19
Soldiers, airmen and industry partners conduct network surveillance during Cyber Shield 19 training week at Camp Atterbury, Ind., April 7, 2019.
Credit: Army Staff Sgt. George B. Davis
VIRIN: 190411-Z-XR817-037C

Deasy said he’s encouraged leadership within the department to look at both traditional and nontraditional defense providers for cyber solutions.

''We need to think about nontraditional players and ... that's all about how do you access them, how do you make them aware that we're interested in conversation with them ... how do we get them to think about us as not being so complicated and so hard to come and have a conversation with,'' he said. ''So it's breaking it down in a way where they feel like we're accessible and they can grab hold of a portion of something we're trying to solve for and help us solve for them.''

Joint Artificial Intelligence Center

Deasy said the Joint Artificial Intelligence Center is one example of that effort to help include industry players who don’t typically work with DOD.

The center was created, he said, ''to set up an entity of people, to teach them how to just scan the universe of what I call 'the art of the possible' out there, and just to teach them in [the] kind of ways that were maybe were different than our normal acquisition approaches, to how we scan for technology, and that's been really an importance.''

Two service members sit at a table with four computers.
Cyber Shield
Soldiers, Airmen and industry Partners conduct network surveillance during Cyber Shield 19 training week at Camp Atterbury, Ind., April 7, 2019.
Credit: Army Staff Sgt. George B. Davis
VIRIN: 190411-Z-XR817-041C

As part of the JAIC, he said, they’ve learned to look for what’s available in the private sector that may be useful to DOD, to hold conversations with nontraditional players in the defense sector, and to make it participation accessible for them to come in and start to show the department what they can do and possible participate in pilot opportunities.

''This is where I think we can help private sector help out and teaching new ways for us to do these things inside of government, where you have to do them with a great deal of speed,'' Deasy said.

I would say certainly the threat is more adaptive, the threat is more capable and the threat is more pervasive,"
Army Gen. Paul M. Nakasone, Commander, U.S. Cyber Command

Deasy said with the JAIC, the department has been able to question if solutions need to always be built in-house, or can solutions be adopted that might already exist ''somewhere out there in the world, maybe at a university level or it could be a small start-up or it could be a very large established supplier, that we can reach out to.''

Nakasone also pointed to the Defense Innovation Unit, previously DIU-Experimental, and the Defense Digital Services as examples of new ways the department looks for solutions.

''These guys are at the Pentagon, I mean they're working at the Pentagon, doing a number of different projects that we find of great interest and as I think has been pointed out, turning us on to the areas we should be thinking about and looking at,'' Nakasone said.

Hundreds of lines connect white dots, forming a globe-like sphere.
Information Network
The entirety of Defense Department information networks are protected by U.S. Cyber Command.
Credit: DOD video still
VIRIN: 190517-D-ZZ999-002

DOD Resilience

Deasy said Nakasone, as lead for Cybercom and the NSA, runs defense on the DOD network. But he said there’s still concern about the breadth of the attack surface exposed to adversaries.

''You have this entire surface space called 'every place that an adversary will look to try to get in' from an endpoint all the way through an application through data, through networks, through a weapon system etc.,'' Deasy said. ''I worry about the resiliency. How do we make the Department of Defense more resilient? We fix the sins of our past. But I look to [Nakasone] to answer the question: do you see us every day as you defend our networks that we're becoming more resilient?''

Nakasone said he has several ways to evaluate the effectiveness of efforts to increase resiliency of the DOD network.

Service members and civilians sit at computers.
Cyber Training
Texas Army National Guard Sgt. Michael Russel analyzes network traffic during a Cyber Shield 19 training week class at Camp Atterbury, Ind., April 7, 2019.
Credit: Army Staff Sgt. George B. Davis
VIRIN: 190407-Z-XR817-009F

''The first measure of success — do we have awareness of what we're facing? We do have awareness. I mean there is clearly a delineation of the most important things that we're going to address based upon the vulnerabilities that we're seeing,'' he said. ''Secondly, I would measure do the senior leaders of our department listen, care, understand? They do. I can tell you that we brief them regularly, there is interest in it and I think that, you know, as we take a look and say, 'Can solutions be had here?' 'Yes.' You have leadership that says, 'We're going to fix this.'''

Finally, he said, is resourcing available to defend the network.

''Based upon last year's success, I think the work that's being done to get ready for the ‘21 budget build — yes — those are all very good areas,'' Nakasone said.

 

Related Stories