SECRETARY CARTER'S REMARKS TO CYBER COMMAND WORKFORCE

Above:  SECDEF Discusses 'Cyber Force' at USCYBERCOM Troop Event

FROM:  U.S. DEFENSE DEPARTMENT

Remarks by Secretary Carter to U.S. Cyber Command Workforce at Fort Meade, Maryland
Presenter: Secretary of Defense Ash Carter
March 13, 2015

SECRETARY OF DEFENSE ASH CARTER: Thank you all. It's -- first of all, thank you, Admiral Rogers. We count ourselves very lucky to have you in charge here, and we count ourselves very, very lucky to have each and every one of you I see in front of me.

I've been learning some today about getting really updated on the development of CYBERCOM and also NSA, the two magnificent institutions represented here and that you all serve, and that we're so grateful that you serve.

This is, in fact, the first troop event I've done as secretary of defense in the United States. And there's a reason for that. And that is the importance of what you're doing to our department and our country. That should tell you something about how vital the mission is that you all have taken on, how important it is for the security of our country and, for that matter, the security of our economy and our people in their individual lives, because cyber touches all aspects of their lives.

So, if you do nothing else and get nothing else out of this encounter today, I want you to do one thing, which is to go home tonight or make a call or tweet at your family, or do whatever you people do -- (Laughter) -- but in whatever medium you use, please tell them that you were thanked today by the leadership of the department, and through us, the entire country, for what you do.

We don't take it for granted. You're what we wake up for every morning. Your service, your sacrifice, your professionalism and your welfare and that of your families is all we do. That's all we care about. And we're so, so grateful for it.

And with all that's going on in the world, from Iraq to Ukraine to the Asia-Pacific, the domain that you protect, cyberspace, is presenting us with some of the most profound challenges, both from a security perspective and from an economic perspective. The president had a cybersecurity summit a few weeks ago, in which you can see that our national leadership at every level is really seized with the need to get on top of this problem.

So cyber, which is what you do, is a marriage of the best people and the newest technology. And that being the case, and it being the case that there's a high demand for both of those things -- the best people and the newest technology across the country -- means that we, and I know this, we as a government and a department and a military need to be open to that -- those sources of good people and new technology. We need to be open in order to be good in this field.

And that means we need to build bridges to society, bridges that aren't as necessary in other fields of warfare that don't have a civilian or a commercial counterpart to the extent that this field does. So we have to build bridges and rebuild bridges to the rest of our society.

And that means we need to be open. And of course, we can't be open, given what you do, in the traditional sense. But we need to be open to new ideas. We need to be open to people we can't always tell them what we're doing, but we need to be open enough with our government so that it knows what it's doing, so that its officials can in turn turn to our people and say, "I'm sorry I can't tell you everything; you wouldn't want me to tell you everything that is being done to protect you because that would undermine our ability to protect you."

But you should trust that your senior officials and your elected officials and so forth are acting on your behalf. And I think we do have that trust and that people do understand that what you're doing for them is necessary and being done in an appropriate manner.

We need to be open generationally. We need to be open to a new generation because we need the young to be attracted to our mission. We need people who grew up with technology that was not available when I was growing up, and therefore have a sixth sense about it, which I can never have.

And that will be true when even those of you who are now the young people in front of me who are so smugly nodding your head. (Laughter) You, too, will be overcome by new technology at some point. And then also we'll need a new generation.

So our institution in general has to be an open one because we're an open society. But in order to be really good at anything, but especially good at what you do, we need to be open to a younger generation. That's incredibly (inaudible) your leaders know that. I've talked to them about that. And we know that that's the only way we're going to continue to have an elite core of people like the ones who are sitting in front of me right now.

And, you know, I actually think that in that regard, the development of the cyber workforce, which we are working on now, can be a model for other things we do in the department. The freshness of approach, the constant effort to stay up, reinvent, that your field demands is actually something we can use everywhere in the department.

So we're looking to you in a sense as a model and a trailblazer for many other things we need in the department. One of the things that I've said I'm determined to bring to our department is openness to new ideas. That's the only way that we're going to remain what we are today, which is the greatest fighting force the world has ever known. That's the way to do it going forward. And we -- we will.

For -- for the institutions that you join, be they military services or field agencies or new -- new commands, they are trying to figure out how to welcome this new breed of warrior to their ranks. What's the right way to do that? How do you fit in?

I had lunch with some of you earlier today. We were talking about how this skill set and this professional orientation fits into the traditional armed services. And of course, it doesn't fit into the traditional armed services. We have to figure out how to get it to fit in, so that you all have a full opportunity to bring to bear on your careers the expertise that you gained here and the sense of mission that you felt here, and carry it into the future.

I know that's a challenge in front of us. And you all feel it in your individual careers. And I'm determined that we together create that fit, but that comes with doing something new and different and exciting. You're going to be pathfinders, but we'll find the path together.

You are, whether you're civilians, military, contractor, all parts of our -- our workforce. We regard you as on the frontlines in the same way that last week I was in Afghanistan, and we have people on the frontlines there. It is the front line of today's effort to protect our country. And while you may not be at risk in the way that the forces are -- physical risk in the way our -- in Afghanistan, we are requiring from you a comparable level of professionalism, excellence, dedication. And I know you show all that, but we count on it, because you really are on the frontlines.

NSA and CYBERCOM, two -- one around for a long time, another one kind of brand new. A lot of people wonder what's the relationship between the two. And we pretty much have that in our heads. But the honest truth is, it's a work in progress. We're working out that relationship.

My view is that we're doing the right thing in having the leadership of those two organizations be in the same place. And one way of thinking about that is that we just don't have enough good people like you to spread around. And we need to cluster our hits as a country. And that's one of the reasons why we're going to keep these two together, at least for now.

I want you to know that in addition to thinking through how you're organized and so forth, that a big priority of mine is going to be to make sure that you're getting the training and the equipment and the resources you need. This is a very high priority area. And, you know, if you read about sequester, which is a terrible, stupid thing that we are doing to ourselves -- I have nothing good to say about it. But I think that even in the era of sequester, we understand that this mission area is one we cannot afford not to keep investing in.

And that means that that fact, together with our determination to help you chart rewarding, lasting careers in this field, those two things together ought to tell you, also, how much we value what you do.

Let me make one last point, and this is something that you all know, but it's important to remind our fellow citizens and, for that matter, the rest of the world, and that is we are -- we build our cyber mission force, it's the kind of country we are, to defend the openness of cyber space, to keep it free.

We're the ones who stand with those who create and innovate against those who would steal and destroy. That's the kind of country we are, and that's the kind of cyber force we are.

We're going to execute our mission while being as transparent as possible, because that's also who we are. And that's why I wanted my remarks to you to be public, which they are, if you see them being filmed here. That's an unusual thing for you, and I know that some of you can't be seen on television because of the nature of your work. And it's rare that media come into the premises of this organization.

But I wanted not only you to know how important we know what you do is for the country, but everyone else to hear that as well. So what that means, I suppose, is that even if you forget or are too lazy or for some other reason don't tell your family that you were thanked today, they're going to learn anyway.

(Laughter) So I suggest that you beat the media to the punch and, once again, go home, call home, call a friend and say, today I was thanked by the leadership of my department and through them by the country for what I do.

Tell them that. Thank you very much. We'll have some questions?

So, there are two microphones here, which in NSA fashion are only connected by wires to the floor. So, have at it. Any subject at all. Any question or comment.
Q: Mr. Secretary, in a budget-constrained environment, what are your top priorities?

SEC. CARTER: So, the question was, in a budget-constrained environment, what are my top priorities. And that's -- first and foremost, our people. That's got to be number one, because that's what makes our military the greatest in the world. It's people. It's also technology, it's also lots of other things, but it's principally -- it's first and foremost our people, and that's something we need to keep investing in.

Now, I know that that's not the only investment we make, and we do have to have a balanced approach to defense spending, because each of you wants not only to be adequately compensated, but you want to have other people to your left and right, as you do what you do. You want to have the best equipment. And you want to -- and you don't want to go into action without the best training.

So each of us wants to see some balance in how we spend the defense dollar.
But it's not just a matter of money. It's a matter of caring about our people, making sure that the safety and dignity of all of our people is respected, and all those things that we have responsibility for.

So, number one, for me, is people.

And the second thing I would say is we need to be an open institution. Open to the rest of -- because the way we're going to stay excellent is to be the most excellent part of society. And to do that, you have to be pulling from society the very best and the very best people.

And you guys are superb. And this is why people want to hire veterans so much, because you're all so good. That's why you're such good people to hire. And I know that's another problem, and I don't want you being hired away either. (Laughter) And I can't stop you.

But the reason that people want to hire you away is you're so darn good.
Q: Sir, you spoke of military needing to find a way to fit in within their respective branches. What are the possibilities of establishing a cyber branch of service, much like the Army Air Corps became the Air Force?

SEC. CARTER: It's a very good question. And we have asked ourselves that over time. And there may come a time when that makes sense. I think that for now we're trying to build upon our strengths. We're trying to draw from where we already are strong and not to take too many jumps, organizationally, at once.
So, you know, we're trying -- why has cyber come here at Fort Meade? Well, you know, because we didn't want to start all over again somewhere else. Because we didn't feel like we could afford to do that.

And, as I said, maybe there'll come a day when these two things will each be so strong and different, that they won't need to be in the same place. But that's not now.

There was some question initially about why we used so many uniformed people in the first place. Maybe we should be using more civilians or contractors.
We started where we thought we had strength. And I think you have to look at this as the first step in a journey that may, over time, lead to the decision to break out cyber the way that you said the Army Air Corps became the U.S. Air Force, the way Special Operations Command was created, and with a somewhat separate thing, although that still has service parts to it.

And so, we're trying to get the best of both. You know, our armed services give us hundreds of years of proud tradition, a whole system of recruiting, training and so forth. So it's a pretty -- it's not something you walk away from lightly and said, well, I'm going to start all over again.

So, it may come to that, and I think it's an excellent question. It's a very thoughtful question. And we have given some thought to that. And for right now, we're walking before we run.

But it may -- that's one of the futures that cyber might have.

Q: Good afternoon, Mr. Secretary. My question, sir, is in regard to cyber and authorities. Going forward, sir, a vast amount of our work is done with network administrators across the DoDIN [DoD Information Network]. Currently, sir, most of the products we report are recommendations, if you will, sir.

What is your vision, going forward, to make those recommendations more of a requirement for those network administrators?

SEC. CARTER: That's a very insightful question also. It is -- it gets down to a fundamental issue here, and let's be -- let's just put it right out on the table, because that's what you're getting at.

The information networks that it is CYBERCOM's first responsibility to protect are our own DOD networks, because there's no point in my buying all these ships and planes and tanks and everything, and none of them is going to work and our kids aren't going to work, unless there are networks that stitches the whole thing together, enables the whole thing. We've got to -- got to -- got to make our networks secure.

And the protectors don't own the networks. So if you're a cyber mission team and you fall in on a network, you find, well, you know, there's a whole bunch of people who work on this network. They set it up, and they're responding to other needs than security. They're responding to people calling the help desk and driving them crazy with one little problem or another they can't figure out, people who want more, more, more; want faster, this isn't working, I want to add some people.

So they're trying to juggle lots of needs. Many of them are administering networks that are outdated and that have been around for a long time and are a little long in the tooth and so forth.

And so, there's going to be a tension between those who are called upon to protect the networks and those who own and operate the networks. And I understand that. And we think we go into this with our eyes wide open.

But the -- I mean, I'm going to stand -- I can tell you this, I'm going to stand with you on the side of requiring protection, because it's not -- it's not adequate network administration to downplay security. You are laying the warfighter open to risk.

And we can't have that. And I -- you know, you put it this way, if all the network owners and operators were good at protecting themselves, we wouldn't have to, right, have these -- these national mission force protectors.

But it's -- they're not. And it's actually not reasonable for them all to be because that's not their first area of expertise. And we -- so we're counting on this sort of extra proficient group of people to fall in on them and help them.

But there'll always be a little tension when you show up at the door, and they've got a problem. And but you've got to do what you've got to do, because they are no good to us if they're penetrated or vulnerable.

I think that's all I can take for right now.

Let me just, once again, thank you from me very much, and please pass that on.

U.S. CYBER COMMANDER REMARKS ON "CYBERSECURITY DILEMMAS"

FROM:  U.S. DEFENSE DEPARTMENT

Right:  Navy Adm. Michael S. Rogers, commander of U.S. Cyber Command and director of the National Security Agency, testifies before the House Armed Services Committee improving the military cyber security posture in an uncertain threat environment, March 4, 2015. DoD photo by Cheryl Pellerin.  

Cybercom Chief: Cyber Threats Blur Roles, Relationships
By Cheryl Pellerin
DoD News, Defense Media Activity

WASHINGTON, March 6, 2015 – Over five years of U.S. Cyber Command operations, global movement of threat activity through cyberspace has blurred roles and relationships among government agencies, as well as between the public and private sectors and the real and virtual worlds, the Cybercom commander told a House panel.

Navy Adm. Michael S. Rogers testified March 4 before the House Armed Services Committee on cyber operations and improving the military’s cybersecurity posture.

“There is no Department of Defense solution to our cybersecurity dilemmas,” Roger said in written testimony. “The global movement of threat activity in and through cyberspace blurs the U.S. government’s traditional understanding of how to address domestic and foreign military, criminal and intelligence activities.”
Similarly, he said, the public and private sectors need each other’s help.
Responding to Cyber Attacks

“The U.S. government, the states and the private sector can’t defend their information systems on their own against the most powerful cyber forces,” the admiral said.

“We saw in the recent hack of Sony Pictures Entertainment that we have to be prepared to respond to cyber attacks with concerted actions across the whole of government,” he added, “using our nation’s unique insights and complete range of capabilities in cooperation with the private sector.”

Cyberspace is more than a challenging environment, Rogers said.

“It is now part of virtually everything we in the U.S. military do in all domains of the battle space and each of our lines of effort,” he said. “There is hardly any meaningful distinction to be made now between events in cyberspace and events in the physical world, as they are so tightly linked.”

Cybercom is growing and operating at the same time, he said, performing many tasks across a diverse and complex mission set.

Guarding DoD Networks

Three years ago, the command lacked capacity, Rogers said. Today, new teams are guarding DoD networks and are prepared to help combatant commands deny freedom of maneuver to adversaries in cyberspace, he added.

Cybercom’s Cyber Mission Force, or CMF, was formed to turn strategy and plans into operational outcomes, the admiral said.

“With continued support from Congress, the administration and the department,” Rogers said, “Cybercom and its service cyber components are now about halfway through the force build for the CMF, [and] many of its teams are generating capability today.”

He added, “We have a target of about 6,200 personnel in 133 teams, with the majority achieving at least initial operational capability by the end of fiscal year 2016.”

Cybercom has been normalizing its operations in cyberspace, he said, to provide an operational outlook and attitude to running the department’s 7 million networked devices and 15,000 network enclaves.

Implementing the Joint Information Environment

The department’s legacy architecture, created during times when security was not a core design element, is being transitioned to a more secure and streamlined architecture that is part of what ultimately will be the Joint Information Environment, or JIE.

“While the JIE is being implemented,” Rogers said, “our concerns about our legacy architecture collectively have spurred the formation of our new Joint Force Headquarters to defend the department’s information networks.”

The Joint Force Headquarters recently achieved initial operational capability, the admiral added, working at the Defense Information Systems Agency under Rogers’ operational control at Cybercom. Its mission is to oversee the day-to-day operation of DoD networks, he added, “and mount an active defense of them, securing their key cyber terrain and being prepared to neutralize any adversary who manages to bypass their perimeter defenses.”

Managing Risk

“It gets us closer to being able to manage risk on a systemwide basis across DoD,” Rogers added, “balancing warfighter needs for access to data and capabilities while maintaining the overall security of the enterprise.”
The admiral said the new headquarters is a stopgap measure while the department migrates its systems to a cloud architecture that’s more secure and facilitates data sharing across the enterprise.

As network security has advanced, so has the maturity of the cyber force, which has gained what Rogers called priceless experience in cyberspace operations.
“That experience has given us something even more valuable -- insight into how force is and can be employed in cyberspace. We have had the equivalent of a close-in fight with an adversary that taught us how to maneuver and gain the initiative that means the difference between victory and defeat,” he explained.
Every Conflict Has a Cyber Dimension

Such insight is increasingly urgent, because every conflict in the world has a cyber dimension, the admiral said, adding that the command sees patterns in cyber hostilities that indicate four main trends:

-- Autocratic governments that view the open Internet as a lethal threat to their regimes;

-- Ongoing campaigns to steal intellectual property;

-- Disruptions by a range of actors that range from denial-of-service attacks and network traffic manipulation to the use of destructive malware; and

-- States that develop capabilities and attain system access for potential hostilities, perhaps with the idea of enhancing deterrence or as a beachhead for future cyber sabotage.

“We believe potential adversaries might be leaving cyber fingerprints on our critical infrastructure, partly to convey a message that our homeland is at risk if tensions ever escalate toward military conflict,” Rogers said.
Heartbleed and Shellshock

For instance, he told the House panel, “I can tell you in some detail how Cybercom and our military partners dealt with the Heartbleed and Shellshock vulnerabilities that emerged last year.”

The Heartbleed Bug is a serious vulnerability that allows attackers to steal information, usually encrypted, that’s used to secure the Internet for applications such as Web, e-mail and instant messaging, among others. Attackers can eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.

Shellshock is a vulnerability that gives attackers the ability to run remote commands on a system.

The admiral said these serious flaws inadvertently were left in the software that millions of computers and networks in many nations depend on.

Responsible developers discovered both security holes, Rogers said. They kept their findings quiet and worked with trusted colleagues to develop software patches that system administrators could use to get a jump on those who read the same vulnerability announcements and devised ways to identify and exploit unpatched computers, he said.

Checking for Vulnerabilities

“We at Cybercom and [the National Security Agency] learned of Heartbleed and Shellshock at the same time that everyone else did,” the admiral said.
Military networks are probed for vulnerabilities thousands of times an hour, he added, so it wasn’t long before they detected new probes checking their websites and systems for vulnerabilities.

“By this point, our mission partners had devised ways to filter such probes before they touched our systems,” Rogers explained. “We were sheltered while we pushed out patches across DoD networks and monitored implementation,” directing administrators to start with the most vulnerable systems.

“Thanks to the efforts we have made in recent years, our responses … were comparatively quick, thorough and effective, and in both cases they helped inform corresponding efforts on the civilian side of the federal government,” the admiral added.

“We also know that other countries, including potential adversaries, struggled to cope with the Heartbleed and Shellshock vulnerabilities,” he noted.
Cyber Military Capabilities

Rogers said this operational approach must be built in many more places.
“The nation’s government and critical infrastructure networks are at risk as well,” he said, “and we are finding that computer security is really an enterprisewide project.”

The admiral added, “We in the U.S. government and DoD must continue learning and developing new skills and techniques … [and] the nation must continue to commit time, effort and resources to building cyber military capabilities.”

COMMANDER U.S. CYBER COMMAND DISCUSSES CYBER DEFENSE AND OFFENSE

FROM:  U.S. DEFENSE DEPARTMENT

Right:  Navy Adm. Michael S. Rogers, commander of U.S. Cyber Command and director of the National Security Agency, spoke to cadets, staff and faculty during a Leader Professional Development Session at the U.S. Military Academy at West Point, N.Y., Jan. 9, 2015. U.S. Army photo by Sgt. 1st Class Jeremy Bunkley.  

Rogers Discusses Cyber Operations, ISIL, Deterrence
By Cheryl Pellerin
DoD News, Defense Media Activity

WASHINGTON, March 2, 2015 – Navy Adm. Michael S. Rogers, commander of U.S. Cyber Command, took questions here recently on many topics -- cyber defense and offense, finding the Islamic State of Iraq and the Levant on the dark Web and cyber deterrence -- during a New America Foundation cybersecurity conference.

Rogers, who’s also director of the National Security Agency, spoke with CNN national security correspondent Jim Sciutto and took questions from the audience and from Twitter and other social media outlets.

Rogers often says, as he did at this conference, that he believes in appearing publicly and putting no restrictions on questions asked of him.

“You can ask me anything,” he said, “because we have got to be willing as a nation to have a dialogue” on cyber issues.

Cyberspace as a Domain of War

On a question about whether the United States is positioned effectively to address cyberspace as a domain of warfare, Rogers said the nation is in a better position in many ways than most of its counterparts around the world.
“We've put a lot of thought into this as a department,” he added. “U.S. Cyber Command, for example, will celebrate our fifth anniversary this year. This is a topic the department has been thinking about for some time.”

But the admiral said he doesn’t think Cybercom is where it should be yet in preparation for fully engaging in cyberspace.

“Part of that is just my culture,” he explained. “My culture as a military guy always is about striving for the best, striving to achieve objectives. You push yourself.”

Defending the Networks

From a defensive standpoint it’s difficult to defend a network infrastructure that has been built over decades, Rogers said, noting that most of it was created at a time when there was no critical cyberthreat.

“We're trying to defend infrastructure in which redundancy, resiliency and defensibility were never design characteristics,” he said. “It was all about ‘build me a network that connects me in the most efficient and effective way with a host of people and lets me do my job.’” Rogers noted that concerns about an adversary’s ability to penetrate the network and manipulate or steal data was not a primary factor at the time.

The department is working to change its network structure to incorporate core security characteristics, the admiral said.

On the offensive side, Cybercom is “working its way,” Rogers said, and doing this within a broader structure that dovetails with the law of armed conflict.
Cyber as an Offensive Tool

“Remember,” he said, “when you look at the application of cyber as an offensive tool, it must fit within a broader legal framework -- the law of armed conflict, international law, the norms we have come to take for granted in some ways in the application of kinetic force.”

Cybercom must do the same thing in the offensive world, the admiral said, “and we're clearly not there yet.”

Like many nations around the world, the United States has capabilities in cyber.
“The key for us is to ensure that such capabilities are employed in a very lawful, very formulated, very regimented manner,” Rogers said.

Legal Framework for Cyberspace

In January 2014, in Presidential Policy Directive 28, Rogers said President Barack Obama laid out the framework he wanted used in the conduct of signals intelligence.

Today, the admiral said, “all that remains applicable.”

Another question from the audience referenced ISIL’s use of the dark Web to raise money through Bitcoin, a form of digital currency.

The questioner described the dark Web as “a bunch of anonymous computers -- a bunch of anonymous users -- that are still able to find each other” using a browser that protects users’ anonymity, no matter what a user is doing there.
Nature of the Business

On collecting intelligence from the dark Web, Rogers said, “We spend a lot of time looking for people who don't want to be found.”

In some ways, he added, that is the nature of the business, particularly involving terrorists or individuals engaged in espionage against the United States or against its allies and friends.

Such activities, the admiral said, are a national concern.

“ISIL's ability to generate resources, to generate funding, is something that we're paying attention to,” Rogers said.

Focusing on ISIL

“It's something of concern to us,” he noted, “because it talks about ISIL’s ability to sustain themselves over time [and] about their ability to empower the activity we're watching on the ground in Iraq, in Syria, in Libya [and] in other places.”
Such activities also are of concern to a host of nations, the admiral said, adding, “I won't get into the specifics of exactly what we're doing, other than to say this is an area that we are focusing attention on.”

When asked about deterring America’s adversaries from carrying out cyberattacks, Rogers said the concept of deterrence in the cyber domain is relatively immature.

“This is still the early stages of cyber in many ways,” he said, “so we're going to have to work our way through this” by developing and accepting norms of behavior in cyberspace that will underlie and support the notion of deterrence.

NSA DIRECTOR ASKS INDUSTRY'S HELP IN GETTING AMERICAN PEOPLE TO UNDERSTAND THE FACTS

FROM:  U.S. DEFENSE DEPARTMENT 
Alexander Calls on Industry to Help Set Record Straight
By Nick Simeone
American Forces Press Service

WASHINGTON, Oct. 9, 2013 - The nation's top cyber commander called on industry today to "put the facts on the table" about the National Security Agency following leaks about the agency's surveillance programs, blaming inaccurate or sensational reporting for congressional failure to approve measures that he said are needed to protect the nation from a devastating cyberattack.

"We need the American people to understand the facts. And it's got to start with what we're actually doing -- not what we could be doing -- with the data," Army Gen. Keith B. Alexander, NSA director and commander of U.S. Cyber Command, told an industry conference in suburban Maryland. "Most of the reporting is, 'They could be doing 'A.' The facts are they're doing 'B.'"

Warning that he doesn't want to have to explain why he failed to prevent another 9/11, Alexander appealed to industry to help in light of the damaging leaks in June by former NSA contractor Edward Snowden.

Snowden has been charged in absentia with violating the Espionage Act and stealing government property for turning over secret documents to reporters detailing classified NSA programs, actions that Alexander has blamed for causing irreversible and significant damage to the security of the United States and its allies.

In the time since the leaks, Alexander said, the media have complicated matters through exaggerated or inaccurate reporting.

"Everything that comes out is almost sensationalized and inflamed by what it could be, not by what it is, and that singularly in my mind will impact our ability to get cyber legislation and defend the nation," he said. "And if you think about the numbers of disruptive attacks over the last year, and destructive attacks, and you plot that out statistically, what it says to me is it's getting worse, and that's going to grow."

Alexander pointed to a series of recent destructive cyberattacks around the world, including on Saudi Aramco, a Saudi oil company, where he said data in more than 30,000 systems was destroyed last year, as well as attacks against Qatar's Rasgas gas company and twin attacks in South Korea earlier this year.

"Then, look at what hit Wall Street over the last year: over 300 distributed denial-of-service attacks. How do we defend against those?"

Alexander called for laws that would encourage industry and government to share information about potential threats in real time. "This will become hugely important in the future," he said. We've got to have legislation that allows us to communicate back and forth."

To get there, the general said, the rhetoric on media leaks must change and the trust factor must be fixed, "because we're not going to move forward with all that hanging out there."

In the absence of congressional action, President Barack Obama has issued an executive order promoting increased sharing of information about cyber threats across government and industry. However, Alexander said, the nation's cyber defenses remain dependent on closer, real-time cooperation between the government and Internet service providers and the anti-virus community.

"Our team -- government, industry and allies -- have to be ready to act, and we're not," he said. "We're stuck because of where we are in the debate, so what you could do to help is get the facts. We need your help to inform the American people and Congress about what we're doing."

U.S. CYBER COMMAND CONCERNED OVER MORALE OF CYBERSECURITY WORKFORCE

FROM:  U.S. DEFENSE DEPARTMENT
Shutdown Hurts Morale, Top Cyber Commander Says
By Claudette Roulo
American Forces Press Service

WASHINGTON, Oct. 8, 2013 - The morale of the cybersecurity workforce is being damaged by the government shutdown, the nation's top cyber commander said here today.

"What these people take an oath to do is to protect and defend this country and our civil liberties and privacy, and we're telling them to stay at home," said Army Gen. Keith B. Alexander, commander of U.S. Cyber Command and director of the National Security Agency.

"How do you get good talent to come to government when you treat them like that?" he asked an audience of cybersecurity professionals during a conference at the Newseum.

The NSA is still performing its most critical functions: terrorism-related missions and those that protect life and limb, the general said. But, he noted, due to the shutdown the agency risks losing some of its most vulnerable employees -- young people new to government service.

The loss of trust in the NSA caused by recent leaks has further damaged employee morale, Alexander said.

"We need the facts on the table so that we can make informed decisions about our future in defending our nation and protecting our civil liberties and privacy. ... We need to inform the debate," he said.

The general said that if Americans understood the oversight and compliance that governs NSA's collection of data, they would realize that the United States is better than any other country in the world at protecting civil liberties and privacy.

"Ours is a noble cause," he said.

Alexander said he believes it's in the nation's best interests to put phone data into a repository in such a way that Americans can be confident that the data isn't being misused – "that you have confidence that the oversight compliance and the ways that we look at it -- the auditing and the controls -- is exactly right," he said.

This type of bulk data collection is necessary to ensure that there won't be another terrorist attack on U.S. soil, Alexander said.

"We made a commitment that 9/11 would never happen again," he said. "And one of the reasons it happened is because we didn't have a database like this. We didn't have a repository that would allow us to connect the dots."

The intelligence community was found lacking by the 9/11 Commission, the general said, and in response it came up with the tools it needed to prevent it from happening again.

Alexander said he is open to the idea of an examination of the oversight and compliance controls on the NSA's collection and use of data. But, he said, it should be done carefully to prevent the nation from a painful re-learning of the lessons of 9/11.

"If we don't know there's a threat, we can't stop it," he said. "Don't put us back to the beginning."

OFFICIALS APPEAR BEFORE SENATE COMMITTEE TO DISCUSS INTELLIGENCE PROGRAMS

FROM:  U.S. DEFENSE DEPARTMENT 
Officials Discuss Intelligence Programs at Senate Hearing
By Cheryl Pellerin
American Forces Press Service

WASHINGTON, Sept. 27, 2013 - At a hearing yesterday before the Senate Select Committee on Intelligence, Army Gen. Keith B. Alexander, commander of U.S. Cyber Command and director of the National Security Agency, and Director of National Intelligence James R. Clapper Jr. discussed a NSA-managed classified intelligence program, one of two made public by a security leak in June.

Joining Alexander and Clapper was Deputy Attorney General James Cole. All were called to testify about both programs leaked to the press by former NSA systems administrator Edward Snowden -- Section 215 of the Patriot Act, also known as NSA's 215 business records program, and Section 702 of the Foreign Intelligence Surveillance Act, or FISA.

In the months since the leaks, media reports have said the programs involve secret surveillance by NSA of phone calls and online activities of U.S. citizens, and revealed unauthorized disclosures of information by NSA, generating distrust of the agency and calls for an end to the programs.

Section 702 of FISA and Section 215 of the Patriot Act both were authorized by the Foreign Intelligence Surveillance Act, first approved by Congress in 1978.

Section 702 authorizes access, under court oversight, to records and other items belonging to foreign targets located outside the United States. Section 215 broadens FISA to allow the FBI director or other high-ranking officials there to apply for orders to examine telephone metadata to help with terrorism investigations.

In 2012, these programs resulted in the examination of fewer than 300 selectors, or phone numbers, in the NSA database, Alexander said during a congressional hearing in July.

In his remarks, Cole described the 215 program, explaining that it involves collecting only metadata from telephone calls.

"What is collected as metadata is quite limited. ... It is the number a telephone calls ... It doesn't include the name of the person called," Cole said. "It doesn't include the location of the person called. It doesn't include any content of that communication. It doesn't include financial information ... It is just the number that was called, the date and the length of the call."

"If you want any additional information beyond that, you would have to go and get other legal processes to find that information and acquire it," he added.

Such metadata can only be looked at when there is a reasonable, articulable suspicion for a specific phone number to be queried in the database, Cole said.

"Otherwise," he said, "we do not and cannot just roam through this database looking for whatever connections we may think are interesting or in any way look at it beyond the restrictions in the court order."

Only a small number of analysts can make such a determination, and that determination must be documented so it can be reviewed by a supervisor and later reviewed for compliance purposes, Cole added. The program is conducted according to authorization by the FISA Court, which must reapprove the program every 90 days.

"Since the court originally authorized this program in 2006, it has been reapproved on 34 separate occasions by 14 individual Article Three judges of the FISA Court," Cole said. "Each reapproval indicates the court's conclusion that the collection was permissible under Section 215 and satisfied all constitutional requirements."

Article Three of the U.S. Constitution establishes the judicial branch of the federal government.

Oversight of the 215 program involves all three branches of government, including the FISA Court and the Intelligence and Judiciary Committees of both houses of Congress, Cole said. Every 90 days, the Department of Justice reviews a sample of NSA's queries to determine whether the reasonable articulable requirement has been met.

DOJ lawyers meet every 90 days with NSA operators and with the NSA inspector general to discuss the program's operation and any compliance issues that may arise, Cole explained.

With respect to Congress, "we have reported any significant compliance problems, such as those uncovered in 2009, to the Intelligence and Judiciary Committees of both houses," he said.

"Those documents have since been declassified and released by the DNI to give the public a better understanding of how the government and the FISA court respond to compliance problems once they're identified," Cole said.

In his testimony, Alexander told the panel that NSA's implementation of Section 215 of the Patriot Act focuses on defending the homeland by linking foreign and domestic threats.

Section 702 of FISA focuses on acquiring foreign intelligence, he said, including critical information concerning international terrorist organizations, by targeting non-U.S. persons who are reasonably believed to be outside the United States.

NSA also operates under other sections of the FISA statute in accordance with the law's provisions, Alexander said.

"To target a U.S. person anywhere in the world, under the FISA statute we are required to obtain a court order based on a probable cause showing that the prospective target of the surveillance is a foreign power or agent of a foreign power," he explained.

"As I have said before, these authorities and capabilities are powerful," Alexander said. "We take our responsibility seriously."

NSA stood up a directorate of compliance in 2009 and regularly trains the entire workforce in privacy protections and the proper use of capabilities, he said.

"We do make mistakes," Alexander noted.

"Compliance incidents, with very rare exceptions, are unintentional and reflect the sorts of errors that occur in any complex system of technical activity," he said.

The press has claimed evidence of thousands of privacy violations but that is false and misleading, Alexander said.

"According to NSA's independent inspector general, there have been only 12 substantiated cases of willful violation over 10 years. Essentially one per year," he said. "Several of these cases were referred to the Department of Justice for potential prosecution, and appropriate disciplinary action in other cases. We hold ourselves accountable every day."

Of 2,776 violations noted in the press, he said, about 75 percent were not violations of court-approved procedures but rather were NSA's detection of valid foreign targets that traveled to the United States. The targets are called roamers and failure to stop collecting on them as soon as they enter the United States from a foreign country is considered a violation that must be reported.

"NSA has a privacy compliance program that any leader of a large, complex organization would be proud of," Alexander said. "We welcome an ongoing discussion about how the public can, going forward, have increased information about NSA's compliance program and its compliance posture, much the same way all three branches of the government have today."

NSA's programs have contributed to understanding and disrupting 54 terrorism-related events, Alexander told the panel, with 25 in Europe, 11 in Asia, five in Africa, and 13 in the United States.

"This was no accident. This was not coincidence. These are the direct results of a dedicated workforce, appropriate policy, and well-scoped authorities created in the wake of 9/11, to make sure 9/11 never happens again," Alexander said.

In the week ending 23 Sept., he said, there were 972 terrorism-related deaths in Kenya, Pakistan, Afghanistan, Syria, Yemen and Iraq. Another 1,030 people were injured in the same countries.

"The programs I've been talking about -- we need these programs to protect this nation, to ensure that we don't have those same statistics here," Alexander said.

With respect to reforms, he said, on Aug. 9 President Barack Obama laid out specific steps to increase the confidence of the American people in the NSA foreign intelligence collection programs.

"We are always looking for ways to better protect privacy and security," Alexander said. "We have improved over time our ability to reconcile our technology with our operations and with the rules and authorities. We will continue to do so as we go forward and strive to improve how we protect the American people, their privacy and their security."

In his remarks to the panel, Clapper said that over past 3 months he's declassified and publicly released a series of documents related to Section 215 Section 702.

"We did that to facilitate informed public debate about the important intelligence collection programs," he said. "We felt in the light of the unauthorized disclosures, the public interest in these documents far outweigh the potential additional damage to national security. These documents [allow them to] see the seriousness, thoroughness and rigor with which the FISA Court exercises its responsibilities."

Even in these documents, Clapper said, officials had to redact some information to protect sensitive sources and methods such as particular targets of surveillance.

"We'll continue to declassify more documents. It's what the American people want," he said. "It's what the president has asked us to do. And I personally believe it's the only way we can reassure our citizens that the intelligence community is using its tools and authorities appropriately."

But, Clapper said, "we also have to remain mindful of potentially negative long-term impact of over-correcting to the authorizations granted to the intelligence community."

Clapper added, "As Americans we face an unending array of threats to our way of life -- more than I've seen in my 50 years in intelligence. We need to sustain our ability to detect these threats. We welcome a balanced discussion about civil liberties but it's not an either-or situation. We need to continue to protect both."

NSA LEADER WARNS OF CYBER ATTACKS AT CYBER SYMPOSIUM

FROM: U.S. DEPARTMENT OF DEFENSE,

Nation Must Defend Cyber Infrastructure, Alexander Says

By Claudette Roulo
American Forces Press Service

WASHINGTON, June 28, 2013 - The United States must have a transparent debate on how it will protect itself in cyberspace, the director of the National Security Agency said yesterday.


"It is a debate that is going to have all the key elements of the executive branch -- that's DHS, FBI, DOD, Cyber Command, NSA, and other partners -- with our allies and with industry," Army Gen. Keith B. Alexander told an audience at the Armed Forces Communications and Electronics Association International Cyber Symposium in Baltimore.

Everyone involved must figure out how to work together as the cyber threat grows, said Alexander, who also commands U.S. Cyber Command.

In August, the Saudi Aramco oil company was hit with a destructive attack that destroyed the data on more than 30,000 systems, he said. In September, distributed denial of service attacks began on the U.S. financial sector, and a few hundred disruptive attacks have occurred since.

In March, destructive cyberattacks took place against South Korea, the general said.

"If you look at the statistics and what's going on, we're seeing an increase in the disruptive and destructive attacks. And I am concerned that those will continue," he said. "As a nation, we must be ready."

Over the past few years, there has been a convergence of analog and digital data streams, Alexander said. Now, everything is on one network -- information sent by terrorists, soldiers and school teachers travels through the same digital pipelines.

The cyber world is experiencing an exponential rate of change, he said. "It's wonderful," he added. "These capabilities, I think, are going to help us solve cancer. This is a wonderful opportunity."

But, he said, cyberspace also has vulnerabilities. "We're being attacked," Alexander said. "And we've got to figure out how to fix that."

The key to the nation's future in cyber is a defensible architecture, he said, embodied for the Defense Department by the Joint Information Environment. In that environment, mobile devices will securely connect with fixed infrastructure across the services in a way that allows the department to audit and take care of its data much better than it could do in the legacy systems, Alexander said.

The need to create one joint integrated cyber force is "a great reason for having NSA and Cyber Command collocated," Alexander said. Both are based on Fort Meade, Md.

"We can leverage the exceptional talent that the people at NSA have to help build that force," he added, "and that's superb."




　

CYBERCOMMAND ON OFFENSE AND DEFENSE

Credit:  U.S. Navy.

FROM: U.S. DEPARTMENT OF DEFENSE
Cybercom Builds Teams for Offense, Defense in Cyberspace
By Cheryl Pellerin
American Forces Press Service

WASHINGTON, March 12, 2013 - As escalating rounds of exploits and attacks mar the strategic landscape of cyberspace, U.S. Cyber Command is standing up a highly trained cadre focused on national defense in that domain, the Cybercom commander told Congress today.

Army Gen. Keith B. Alexander told the Senate Armed Services Committee that the command is developing teams that will protect the nation's interests in cyberspace, along with tactics, techniques and procedures, and doctrine describing how the teams will work in that environment.

"These defend-the-nation teams are not defensive teams, these are offensive teams that the Defense Department would use to defend the nation if it were attacked in cyberspace," said Alexander, who also serves as National Security Agency director. "Thirteen of the teams we're creating are for that mission set alone. We're also creating 27 teams that would support combatant commands and their planning process for offensive cyber capabilities."

Cybercom also has a series of teams that will defend DOD networks in cyberspace, the general said.

The intent at Cybercom is to stand up roughly one-third of the teams by September, the next third by September 2014, and the final third by September 2015, he added.

"Those three sets of teams are the core construct for what we're working on with the services to develop our cyber cadre," he said, adding that the effort is on track thanks to efforts by the service chiefs, who are pushing the initiative.

Training is key to the teams' development, the general said. "The most important partnership we have with NSA and others is in ensuring that training standards are at the highest level," he added.

Alexander told the panel that, from Cybercom's perspective, the environment on the strategic landscape of cyberspace is becoming more contentious.

"Cyber effects are growing. We've seen attacks on Wall Street -- 140 over the last six months -- grow significantly. In August, we saw a destructive attack on Saudi Aramco, where data on over 30,000 systems was destroyed," he said.

In industry, the antivirus community of companies believes attacks will increase this year, Alexander said, "and there's a lot we need to do to prepare for this."

The general said command and control is an important part of Cybercom's cyber strategy. Combatant commands and service chiefs are looking at the command and control of working together, he said.

"We've done a lot of work on that, and have ironed out how the joint cyber centers at each combatant command will work with Cyber Command, how we push information back and forth, and how we'll have operational and direct support of teams operating in their areas," Alexander said. "We'll have more to do on this as the teams come online."

Another important part of the strategy is situational awareness, the general said, or seeing an attack unfold in cyberspace.

"Today, seeing that attack is almost impossible for the Defense Department," he said. "We would probably not see an attack on Wall Street -- it's going to be seen by the private sector first, and that [highlights] a key need for information sharing."

Such sharing has to be real-time from Internet service providers to the Defense Department, the Department of Homeland Security and the FBI, all at the same time, the general said.

"If we're going to see [an attack] in time to make a difference, we have to see it in real time," he said. And companies that are sharing the information with the Defense Department have to have protection against privacy lawsuits from customers and other potential liabilities, he added.

Legislation that would have provided some of these protections along with a national cybersecurity framework failed to pass the Senate in August, and in an Executive Order signed Feb. 12, President Barack Obama directed federal departments and agencies to use existing authorities to provide better cybersecurity for the nation.

"The Executive Order issued last month is a step in the right direction, but it does not take away the need for cyber legislation," Alexander said, pointing out that that civil liberties, oversight and compliance are critical for Cyber Command and NSA in operating in cyberspace.

"We take that requirement sincerely and to heart, ... [and] we can do both -- protect civil liberties and privacy and protect our nation in cyberspace," he said. "That's one of the things we need to educate the American people about."

Cyber Command experts also are building an operational picture the command would share with combatant commands, the DHS, the FBI and other national leaders, and the command also is working hard on authorities and policies related to DOD activities in cyberspace, Alexander said.

"This is a new area for many of our folks, especially within the administration, within Congress and for the American people," he acknowledged. "We're being cautious in ensuring that we're doing that exactly right and sharing the information we have with Congress."

No one actor, the general added, "is to blame for our current level of preparedness in cyberspace."

"We must address this as a team, sharing unique insights across government and with the private sector," he added. "We must leverage the nation's ingenuity through an exceptional cyber workforce and rapid technological innovation."

The U.S. government has made significant strides in defining cyber doctrine, organizing cyber capabilities and building cyber capacity, Alexander told the panel.

"We must do much more to sustain our momentum," he added, "in an environment where adversary capabilities continue to evolve as fast as or faster than our own."

CYBERDEFENSE EXPERTS DISCUSS FUTURE

Credit:  U.S. Air Force

FROM: U.S. DEPARTMENT OF DEFENSE

Cyber Officials Weigh Opportunities, Challenges
By Amaani Lyle
American Forces Press Service

WASHINGTON, Jan. 8, 2013 - The joint information environment will define the future as the services move closer to a common foundation, Defense Information Systems Agency officials said during a panel discussion here yesterday.

The panel -- moderated by Anthony Montemarano, DISA's director for strategic planning and information -- was part of the Armed Forces Communications and Electronics Association's monthly luncheon meeting for cyberdefense experts.

"It's about bringing everyone together so that we have a common infrastructure to [develop] new technologies," Montemarano said.

David Mihelcic, DISA's chief technology officer and principal director for global information grid enterprise services engineering, said the agency will focus on Internet protocol, client server computing, cloud computing and the "spiral" family of software development processes, among other technologies.

"DISA has focused on leveraging leading-edge, but commercial, technologies and putting those together in a manner that supports the warfighters' needs," he said. "We have a long history of trying to bring capability to the warfighter securely."

With most military and government agencies facing possible deep spending cuts, officials said, DISA and the Defense Department will continue to collaborate with industry to develop unified communications and mobility innovations in the face of shrinking information technology budgets.

"We're not looking at trying to reinvent the wheel. We're trying to exploit the best wheel out there," Mihelcic said. "We're not going to develop unique technologies, [so] we're looking at industry to develop innovation that we can leverage."

Whatever budget constraints may loom, he added, one aspect must not waver. "We cannot give up the security, the confidentiality or the pedigree of our data at the unclassified or classified levels," he said.

From a cyberdefense perspective, Mark Orndorff, DISA's program executive officer for mission assurance and network operations, said that while his agency and DOD have Web content filtering and log-on security capabilities, he'd like to further develop them.

"One of our primary efforts is to look across the existing infrastructure to better leverage those technologies," Orndorff said.

Although areas such as mobility and cloud computing will create certain unavoidable gaps as technology matures, Orndorff said, training and minimizing duplication will be important in creating the optimal security architecture.

"A key piece of this is the cyber workforce and developing the right training, lab and range environments to fully develop [the right architecture]," Orndorff said.

That training, he explained, will help to ensure new technologies are developed with the best knowledge of the potential risks and outcomes.

"We need to test [the technology], validate it and make sure we aren't going to do something that'll leave us exposed," he said. "But there are real benefits from an economic and cyberdefense effectiveness standpoint. As we build out the analytics, we're moving into the open-source, 'big-data' environment, and we're looking for solutions that will coexist in that big-data environment."

Jennifer Carter, DISA's component acquisition executive, said that while efficiencies should be a main consideration in the way ahead, a common approach to the security posture can lead to process improvements and better long-range planning to stay current with technology and industry advances.

"The underlying fundamentals should have that core component available for the services to leverage," she said. "We want to get the capabilities to the warfighters faster."

Expediting certification and product validation will pave the way for DISA's endeavors in cloud computing, with a focus on mobile technologies and network operations, Carter said.

"DISA has been designated the cloud broker for DOD, ... [and] we'll be looking at industry to develop interoperable technologies with an integrated suite of capabilities warfighters can access," she added.

AIR FORCE CYBER TAKES PART IN USCYBERCOM CYBER FLAG EXERCISE

 

LACKLAND AIR FORCE BASE, Texas -- Gen. C. Robert Kehler, commander of Air Force Space Command, administers the Oath of Enlistment to basic training graduates on the parade grounds at Lackland Air Force Base, Texas, Oct. 15. The importance of defending cyberspace was taken to a new level last week when cyber training became a permanent fixture of the Air Force Basic Military Training curriculum. (U.S. Air Force photo/Robbin Cresswell)

FROM: U.S. AIR FORCE

AFCYBER takes part in second USCYBERCOM Cyber Flag exercise
by Tech. Sgt. Scott McNabb
24th Air Force Public Affairs
11/21/2012 - JOINT BASE SAN ANTONIO-LACKLAND, Texas -- 24th Air Force, the U.S. Air Force's cyber component to U.S. Cyber Command, took part in the Cyber Flag 13-1 training exercise at Nellis Air Force Base, Nev. Oct. 29-Nov. 8.

USCYBERCOM designed Cyber Flag to bring together Department of Defense cyber and information technology professionals to hone their cyber skills against a realistic adversary in a tactical virtual environment.

"Our increasing dependency on reliable and efficient network connectivity and the growing threat posed by cyber adversaries highlight the importance of practicing combined operations in defense of the DOD information infrastructure," said Capt. Christian Mapp, 24th Air Force exercise branch chief. "As the service provider for Air Force networks, 24th Air Force participation with the other service components is critical to ensuring a synchronized and coordinated approach to DOD network defense being available and capable should the need ever arise."

Mapp said the Air Force assembled a total force team comprised of more than 70 active duty, Reserve and Air National Guard cyber warriors from across the nation.

This year's Cyber Flag was larger than the first Cyber Flag held in 2011 on the same cyber range. This year's exercise saw approximately 700 participants, up from last year's 300, and doubled the network size. All participants had a specific role to play, playing the part of a U.S. team or role-playing an adversary.

"Exercises like Cyber Flag test participants' readiness when faced with a realistic cyber event in a stressed environment against a dynamic and skilled adversary. This was not a simple 'capture the flag' event," said Col. George Lamont, director of USCYBERCOM Joint Exercises and Training.

The exercise included an opposing force whose mission was to penetrate and disrupt the computer networks of the "good guys," or Blue Force - made up of DOD cyber service components.

Lt. Col. Jamie Maki, 24th Air Force chief of exercise and training chief, said Cyber Flag is designed to provide realistic training opportunities for a number of DOD commands to deter and, if necessary, defeat a cyber attack. Additionally, much like Red Flag is to the air world, Cyber Flag aims to give cyber operators experience with tactics, techniques and procedures of our cyber adversaries and test our own tactics, techniques and procedures. The teams were given opportunities to coordinate actions across the offensive and defensive spectrum as well as partnering with our sister services.

Despite this only being the second Cyber Flag, Maki said some of the key successes of the exercise included such efforts as the integration of cyber intelligence analysts proving invaluable to the mission planning cell, ultimately enhancing the defensive posture and virtually eliminating stovepipe efforts. Additionally, the collaboration between teams detecting cyber intrusions and first responders leveraged tactical insights and skill sets yielding greater synergy and mission effectiveness. Finally, the exercise partnered service teams with coalition partners highlighting the global nature of the cyber domain.

"Through the use of a virtual network environment, individuals supporting Cyber Flag benefited by gaining exposure to problem sets they may not normally experience in their day-to-day jobs. Furthermore the event affords the opportunity to work in concerted effort with their sister-service counterparts to operate and defend DOD networks across the full spectrum of operations against a realistic adversary," Mapp explained.

Cyber security continues to be a priority across the government. The DOD has a critical role in developing and supporting the nation's cyber security efforts.

"Cyber Flag highlights the interconnected nature of the DOD information infrastructure, making the key takeaway from Air Force Cyber Command's participation in Cyber Flag the necessity to demonstrate a holistic approach for clearing the net and securing the high ground," said Mapp.

HEAD OF U.S. NAVY'S CYBER COMMAND BLOGS ON CYBERSPACE SECURITY

Photo Credit:  U.S. Navy Fleet Cyber Command And 10th Fleet

FROM: U.S. NAVY, U.S. CYBER COMMAND

This blog was written by

Vice Admiral Michael Rogers, head of the Navy’s U.S. Fleet Cyber Command and TENTH fleet.
First and foremost, the men and women assigned to U.S. Fleet Cyber Command and U.S. TENTH Fleet (FCC/C10F) are warriors. I am proud of the work they do to defend the nation every day and the skills they bring to the fight.

While many Americans understand the importance of the network that connects them with the rest of the world, they may not be as familiar with our Navy cyber warfighters and what they do on a daily basis to maintain mission critical connectivity between our naval forces. Because the Navy’s combat power is drawn from a highly networked and electromagnetic spectrum dependent force, the Navy must continuously fight within cyberspace to preserve these networks to maintain our maritime superiority.

Think of it this way; cyberspace is the fifth warfighting domain that intersects the other four which are sea, land, air, and space. Commanding this domain is critical to the Navy’s core capabilities of forward presence, deterrence, sea control, power projection, maritime security and humanitarian assistance/disaster response. The U.S. Department of Defense defines cyberspace as "a global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers." Controlling and defending this information flow is a warfighting imperative.

Just as the U.S. Navy dominates the sea domain, the FCC/C10F team of officers, enlisted, and civilian members fight each day to maintain our edge in cyberspace in defense and support of the Navy and Joint forces.

FCC/C10F warfighters contribute to the Navy’s overall mission by directing cyberspace operations to deter and defeat aggression while ensuring freedom of action in cyberspace. This means serving as the central operational authority for networks, cryptologic/signals intelligence, cyber, information operations, electronic warfare, and space capabilities for the Navy. We network widely dispersed forces to gain battle space awareness that extends our Navy’s operational reach to deliver massed and precision firepower at critical points – in other words, we fight the bad guys and empower our Navy and Joint partners in cyberspace by operating and protecting the networks that support the defense of our nation. To do this, we are continually striving to leverage technology and optimize our workforce through training and innovation to maintain our strategic, operational and tactical advantage in cyberspace.

We execute our mission set using the same traditional maritime warfighting organizations and mechanisms that the Navy uses in every other warfighting domain: a three-star numbered fleet that provides operational oversight and uses its Maritime Operations Center to execute command and control over its assigned forces, subordinate task forces that are organized to actually execute the actions necessary to achieving the mission within their assigned mission sets, and a highly motivated work force of uniformed and civilian teammates who are the cornerstone of our efforts in the cyber domain.

While networking our forces and cyber security is our focus every day, every military member and American citizen should understand the vulnerabilities in cyberspace and institute practical safeguards to protect their systems and information (from protecting your private information on social media sites to using unique and difficult-to-guess passwords). For that reason, October is National Cybersecurity Awareness Month and we invite you to learn more by visiting www.fcc.navy.mil.

As the FCC/C10F nears completion of its third year since standing up in January 2010, it is fitting to take a moment to reflect on the contributions our Navy cyber warfighters have made, because they have been the strength of our efforts over these years and they will continue to be the source of that strength. Well done and thank you for the hard work, FCC/C10F team.

Continued success in cyberspace requires a team effort across the entire Navy. Every Sailor, civilian and contractor must understand the vital role they play in safeguarding our networks and information. Cyber readiness and security is everyone’s responsibility and FCC/C10F looks forward to teaming with each of you.

CYBERSPACE AND CHANGE

Army Gen. Keith B. Alexander

FROM: U.S. DEPARTMENT OF DEFENSE

Cybercom Chief: Culture, Commerce Changing Through Technology

By Claudette Roulo
American Forces Press Service
WASHINGTON, Oct. 12, 2012 – Over the past six or seven years, cyberspace has undergone a tremendous transformation, the commander of U.S. Cyber Command said Oct. 11 at the United States Geospatial Intelligence Foundation’s GEOINT 2012 conference in Orlando, Fla.

Network convergence -- the consolidation of analog networks into a digital network -- is driving cultural change and commercial innovation, Army Gen. Keith B. Alexander, also the director of the National Security Agency, said.

Everyone is connected to the network, Alexander said, even his two-year-old grandson, who on his own has figured out how to turn on an iPad and use Skype to call his grandmother.

"Now think about that," the general said. "Think about the tremendous change and the opportunities."

Commerce and communications are increasingly reliant on the digital network, he said, noting global mobile traffic has already reached 20 petabytes of data sent this year. A petabyte is equal to one quadrillion [1 followed by 15 zeroes] bytes.

"The opportunities are endless," Alexander said. "This is something we should welcome with open arms."

But with these opportunities come some "huge" vulnerabilities, he said.

According to a study by Symantec Corp., maker of Norton anti-virus products, 72 percent of Americans have been hacked, Alexander said.

"My assessment is it’s actually higher," he added. "That’s what we know about. What we see is most companies don’t know that they’re hacked."

Companies that have been hacked in the past two years include Master Card, Visa, Symantec, Google, Citi and Sony, Alexander said. The intellectual property being stolen amounts to the greatest transfer of wealth in history, he added.

The costs of cybercrime are huge, Alexander said, averaging about $290 per victim and resulting in billions of dollars in losses a year.

Malware, or malicious software, is on the rise, he said, noting a study by the McAfee Co. that reported 1.5 million new pieces of malware since the first quarter of 2012.

Botnets send approximately 89 billion spam emails every day, Alexander continued. Botnets are collections of computers whose firewalls have been breached by malware and are being controlled by a third party for malicious purposes.

"Roughly 25 percent of what we see on the network is spam," he said.

Mobile malware also is on the increase, Alexander said. In one four-month period, the number of exploits for Google Android phones increased 500 percent, Alexander said.

Government and industry need to join together to combat the ongoing theft of personal data, intellectual property and other resources, he said.

"Ninety percent of cyberspace is owned and operated by industry," Alexander said. "But the government depends on that space to operate."

Hackers are shifting from theft to destruction, he said, and this represents a serious threat for which the U.S. needs to prepare.

The first step in preparing the country is better training for the people who defend the network, Alexander said. The second is defensible architecture.

"That starts out with a thin-virtual [-client] cloud environment," the general said. The NSA, he added, has built a cloud system called Accumulo using a hybrid of both open-source and encrypted software.

"[When] you have a patch, you push it out to the cloud and ... at network speed you can essentially patch the network," Alexander said. "You have erased that vulnerability from your system. That’s huge."

The speed with which patches are applied is crucial to ensuring network security, he said, because hackers use news about vulnerabilities to exploit unpatched computers and networks.

"We need to close that window," Alexander said.

To do that there needs to be a way of sharing information between the government and industry, he said.

"That’s a problem," Alexander said. "How do you do that? The answer is, ‘Well, we can’t do that easily.’ So, we need legislation."

There are ongoing efforts to obtain such legislation, he said, adding, "noting that he expects Congress to address cybersecurity legislation again next year.

An attempt to develop national cybersecurity legislation failed in Congress earlier this year, he said. The failure was due, in part, Alexander said, to Congressional concerns revolving around the roles of the Department of Homeland Security and the NSA.

The government doesn’t want to hamper industry, Alexander said, noting it just makes sense for government and industry to work together because "everybody’s being hacked." The issue comes down to the role of business and the role of government, he said.

"We need to solve this before there’s a big problem," the general said, "because after there’s a big problem, we’re going to race to the wrong solution."

U.S. CYBER COMMANDER SAYS U.S. NOT PREPARED FOR CYBER WAR

FROM:  U.S. DEPARTMENT OF DEFENSE
Cybercom Chief: U.S. Unprepared for Serious Cyber AttacksBy Claudette Roulo
American Forces Press Service

ASPEN, Colo., July 26, 2012 - The United States is not adequately prepared for a serious cyber attack, the commander of U.S. Cyber Command told the audience at the Aspen Institute's annual security forum today.

Army Gen. Keith Alexander, who also serves as the director of the National Security Agency and the chief of the Central Security Service, said that, in terms of preparation for a cyber attack on a critical part of its network infrastructure, the U.S. is at a three on a scale of one to ten.

The problem of defending the nation from a cyber attack is complicated, Alexander said. It's not just a question of preparing the Department of Defense or federal networks. Private industry also has to be defended.

"Industry has a variety of capabilities," Alexander said. While networks serving the financial community are well-defended, others sectors need help.

Key to developing a strong cyber security infrastructure is educating its users, Alexander said.

"We have a great program, it's jointly run by [the National Security Agency] and [the Department of Homeland Security] working with over 100 different colleges and universities to set up an information assurance/cyber security portfolio," he said.

Ensuring people who didn't grow up in the Internet age are security-aware is one of the major challenges facing those who secure the network, Alexander said.

The number of exploits of mobile technology has almost doubled over the past year, he said, and many people don't realize that phones are tied into the same digital network infrastructure as computers.

Alexander defined exploits as the means that a hacker uses to penetrate a system, including mobile phones or tablets, to potentially steal files and credentials or jump to another computer.

"The attack surfaces for adversaries to get on the internet now include all those mobile devices," Alexander said. And mobile security lags behind that of cyber security for landline devices like desktop computers.

Alexander said the Department of Defense, in concert with agencies like the Department of Homeland Security and the Federal Bureau of Investigation, works together with industry to secure network devices.

"If we identify a problem, we jointly give that back to industry and say 'Here's a problem we found,'" Alexander said.

Using the nuclear model, or concentrating solely on major nation-states, to analyze the cyber threat is wrong, he said. Several nations are capable of serious cyber attacks, he explained, but anyone who finds vulnerabilities in the network infrastructure could cause tremendous problems.

Industry and government must work as a team to combat these threats, Alexander said.

"There are great folks in industry who have some great insights," he said. "That's the only way that we can prevent those several states from mounting a real attack on this nation's cyber."

In addition, deterrence theory worked for nuclear weapons in part because the decision time was much slower than it is for cyber threats.

"A piece of information can circumnavigate the globe in about 133-134 milliseconds," he said. "Your decision space in cyber [is] half that—60 seconds."

"My concern is...you've seen disruptions like in Estonia in 2007, in Georgia, Latvia, Lithuania, Azerbaijan, Kyrgyzstan, you could go on," he said. "We've seen them here in the United States... What I'm concerned about is the shift to destructive [attacks]. Those are the things that will hurt our nation."

Disruptive attacks, like distributed denial-of-service attacks, are aimed at interrupting the flow communication or finance, but aren't designed to cause long-term damage.

In contrast, destructive attacks are designed to destroy parts of the network infrastructure, like routers or servers, which would have to be replaced in order to resume normal operations, Alexander said. In some cases this could take weeks or months.

Congress is considering bills that would give the Department of Homeland Security a greater role in setting performance requirements for network industries. Alexander said this legislation is important to assist in setting network infrastructure standards.

Both parties have something to bring to the table, he said. Industry knows things that government doesn't, and government knows things that industry doesn't.

"If we were to be completely candid here, the reality is that industry is getting hacked [and] government is getting hacked," he said. "What we need to do is come together and form best practices."

Government-civil partnerships open up the possibility that the U.S. can accomplish things in cyber space that no other nation has the capability to accomplish, Alexander said.

"When we put together this ability for our nation to work as a team in cyber space, what that allows us to do now is do things that other countries aren't capable of doing in defending the nation," Alexander said.

Because attributing the source of a cyber attack is difficult, the focus is currently on defense rather than offense, Alexander said.

"Today, the offense clearly has the advantage," he said. "Get cyber legislation in there, bring industry and government together, and now we have the capability to say 'You don't want to attack us. We can stop it and there are other things that we can do to really make this hurt.'"

"The key is having a defensible capability that can survive that first onslaught," Alexander said.

U.S. NATIONAL SECURITY AGENCY WORKS TO ENSURE CYBERSPACE ACCESS

FROM:  AMERICAN FORCES PRESS SERVICE
NSA Chief: Cyber World Presents Opportunities, Challenges
By Jim Garamone
WASHINGTON, July 10, 2012 - Technology has opened tremendous opportunities for the world, but also poses tremendous challenges for those who work to ensure access to cyberspace, the director of the National Security Agency said here yesterday.

Army Gen. Keith B. Alexander, who also commands U.S. Cyber Command, told participants in an American Enterprise Institute seminar titled "Cybersecurity and American Power" that the capability exists today for destructive cyber attacks against critical infrastructures.

The cyber world is an increasingly important domain, the general said. In 2000, 360 million people were on the Internet. Today, more than 2.3 billion people are connected. Last year, 107 trillion emails were sent, he added, and a sign of the times is that more than 500,000 apps exist for the iPhone and 280,000 for Android smartphones.

But this tremendous opportunity for communication also presents a potential avenue of attack, Alexander said. A 2007 denial-of-service attack on Estonia virtually shut the nation down, he said, but that was just a transitory event in the evolution of cyber attacks.

"What I think we really need to be concerned about is when these transition from disruptive to destructive attacks -- and I think those are coming," he said.

A destructive attack does not simply overload computers or networks -- it destroys data or software, and systems must be replaced to return to the status quo. "We've got to consider that those are going to happen," Alexander said. "Those are coming up, and we have to be ready for that."

The general stressed that deterring cyber attacks is more difficult than nuclear deterrence, noting that nation-states, cyber criminals, hackers, activists and terrorists all pose threats. "So when you think about deterrence theory, you're not talking about just nation-on-nation deterrence theory," he said. "You have other non-nation-state actors that you now have to consider."

An attack may originate in a country, Alexander said, but no one can really tell if it's the nation, a criminal gang within the country or a lone hacker launching the attack.

Regardless of who initiates an attack, he added, the result could be the same. "You lose the financial sector or the power grid or your systems capabilities for a period of time," the general said. "It doesn't matter who did it; you still lose that. So you've got to come up with a defensive strategy that solves that, from my perspective."

The U.S. defensive strategy has to be a team approach, he said. "We want to get as many people as we can working together to solve this problem," Alexander said.
The White House has led the governmental effort, spanning the Department of Homeland Security to the Defense Department to the FBI and beyond. And any protection -- to be effective -- must include the private sector, the general told the audience. This has caused hackles to rise, he acknowledged, with critics saying such efforts are an invasion of privacy. But, Alexander said, it can be done while protecting civil liberties.

"If the critical infrastructure community is being attacked by something, we need them to tell us at network speed," the general said. "It doesn't require the government to read their mail or your mail to do that. It requires them -- the Internet service provider or that company -- to tell us that that type of event is going on at this time. And it has to be at network speed if you're going to stop it."

Cyber runs at the speed of light, Alexander noted, and human reaction times are simply not fast enough to react.

"Maybe we could do this in real time and come up with a construct [in which] you and the American people know that we're not looking at civil liberties and privacy, [but] we're actually trying to figure out when the nation is under attack and what we need to do about it," he said.