Showing posts with label CYBER COMMAND. Show all posts
Showing posts with label CYBER COMMAND. Show all posts

Wednesday, August 20, 2014

U.S. CYBER COMMAND EXPANDING

FROM:  U.S. DEFENSE DEPARTMENT 
Rogers: Cybercom Defending Networks, Nation
By Cheryl Pellerin
DoD News, Defense Media Activity

FORT MEADE, Md., Aug. 18, 2014 – U.S. Cyber Command continues to expand its capabilities and capacity, Navy Adm. Mike Rogers said Aug. 14.
The Cybercom commander was speaking during an interview at the NSA headquarters building here. Rogers is also director of the National Security Agency and chief of the Central Security Service.

“The decision to create [Cybercom] was a … recognition of a couple things. No. 1, the increasing importance of the cyber domain and the cyber mission set in Department of Defense operations in the 21st century,” Rogers said.

Such a command would add to the department’s ability to protect and defend its networks, and give policymakers and operational commanders a broader range of options, he said.

The second consideration involved DoD’s mission to defend the nation, coupled with the potential of nation-states, groups and individuals to conduct offensive cyber activities against critical U.S. infrastructure.

In that scenario, the admiral said, defense officials thought it was likely the president would “turn to the secretary of defense and say, ‘In your mission to defend the nation, I need you to do the same thing here in the cyber arena against this mission set critical to U.S. infrastructure, and I need an organization capable of doing that.’”

These conditions led the department to realize the need to create a traditional warfighting organization capable of executing a spectrum of cyberspace missions, Rogers said.

And, he added, they knew they needed to do so “with a dedicated professionalized workforce. This is not a pickup game where you just come casually to it.”
Rogers said he focuses on five priorities for Cybercom.

These are to build a trained and ready cyber force, put tools in place that create true situational awareness in cyberspace, create command-and-control and operational concepts to execute the mission, build a joint defensible network, and ensure Cybercom has the right policies and authorities that allow it to execute full-spectrum operations in cyberspace.

Making progress is important to Rogers, who characterized his ultimate goal as bringing Cybercom to a level where it’s every bit as trained and ready as any carrier strike group in the U.S. Central Command area of responsibility or any brigade combat team on the ground in Afghanistan.

“My objective during my time as the commander, first and foremost,” the admiral said, “is to ensure that we have brought to fruition the operational vision in cyber … [to make sure] it’s something real, it’s something tangible, and it is operationally ready to execute its assigned missions.”

That is happening as Cybercom brings its warfighting capability online, with the services generating a total cyber mission force of about 6,000 people by 2016, all trained to the same high standard and aligned in 133 teams with three core missions:

-- The Cyber National Mission Force, when directed, is responsible for defending the nation’s critical infrastructure and key resources.

-- The Cyber Combat Mission Force provides cyber support to combatant commanders across the globe; and
-- The Cyber Protection Force operates and defends the DoD information network, or DoDIN.

Defending the DoDIN is the focus of a partnership in progress with the Defense Information Systems Agency, or DISA.

The agency provides command and control and information-sharing capabilities and a globally accessible enterprise information infrastructure to warfighters, the president and national leaders, and other mission and coalition partners.
DISA, Rogers points out, is also a combat support agency.

The agency reports to acting DoD Chief Information Officer Terry Halvorsen, and its director is Air Force Lt. Gen. Ronnie D. Hawkins Jr.

“I have always believed … that we need to integrate operations and networks and our defensive workforce into one team,” Rogers said, “and that you are more effective in operating a network and in defending a network when you do it with one integrated approach.”

As a result, Rogers’ team decided they needed to create a relationship with DISA, he said, adding, “At the moment there’s no formal [command and control] line between us, but we’re in the process of creating one.”

As part of that process Rogers collaborates with Halvorsen and Hawkins.
“What I think we need to do,” he said during their meeting, “is create an operational construct that creates a direct linkage [between] U.S. Cyber Command, DISA and U.S. Cyber Command service components.”

It’s critical that the relationship includes the service components, Rogers said, “Because, under the current network structure today, those networks are largely run by [the] services. So we’ve got to create a relationship between DISA and the services that is very operational because you’ve got to maneuver networks, you’ve got to react to changes, and you can’t do that in a static kind of environment.”
He added, “We're in the process of doing that and I expect to roll it out in the fall. … You’ll hear it referred to as JFHQ DoDIN,” he said, or Joint Force Headquarters DoD Information Networks.

Rogers said that he, Halvorsen and Hawkins agree, this is the future of DISA.
“[DISA] will operate on the networks. They'll be part of our defensive effort so they will be out operating on the networks just like us,” he added.

“One of the core missions is the defense of the DoDIN,” Rogers said. “The forces associated with that mission will be assigned to DISA, to the services [and] to the combatant commanders.” So, he added, DISA will have operational control over some of the cyber mission force to help execute their mission.

Another of Rogers’ priorities for Cybercom is to help develop a common situational awareness of “what’s happening in DoD networks,” he said.

The commander highlighted the need for speed and agility in the cyber arena, adding, “If you can’t visualize what you’re doing … you’re not going to be fast or as agile, and thus arguably not as effective as you need to be.”

Rogers said, “As an operational commander I am used to the idea of walking into a command center, looking at a visual depiction that through symbology, color and geography enables me to very quickly come to a sense of what's happening in this space. We are not there yet in the cyber arena.”

Establishing situational awareness in the cyber realm is a combination of technology and capability, the admiral said, and determining what knowledge is needed and what elements contribute to that.

“Is what U.S. Cyber Command needs to know about what's going on in the network world the same thing as a strike group commander needs in the Western Pacific? The same thing an Air Force air wing needs in Minot, North Dakota? The same thing a brigade combat team needs in Afghanistan? It will vary, so we've got to create a system that you can tailor to the needs of each commander,” he said.
Rogers noted there are many ongoing efforts to improve situational awareness, pointing out the need to work collaboratively to fix the problem.

“We do have some tools right now,” he added. “They’re just not as mature and comprehensive as I'd like them to be.”
Cyber is foundational to the future, the admiral said, and he often comments to his fellow operational commanders that cyber is a mission they have to own.
“The wars of the 20th century taught most warfighting professionals that, no matter what you do, a good foundational knowledge of logistics is probably going to stand you in good stead,” Rogers explained.

In the 21st century, he added, operational commanders may find that, regardless of their mission, they will need a sense of what’s going on in their networks, where they’re taking risk, and the impact of network structure and activities on their ability to execute the mission.

“It’s not something you turn to your communications officer … or your CIO and say, ‘I don't really understand this. Go out and do some of that for me.’ That isn't going to get us where we need to go,” the admiral said.

Rogers elaborated on the need for Cybercom to be ready.

During his time as Cybercom commander, he said he expects that a nation-state, group or individual will attempt to engage in offensive, destructive capability against critical U.S. infrastructure, from the power grid to the financial sector.
The Presidential Policy Directive for Critical Infrastructure Security and Resilience outlines 16 designated U.S. Critical Infrastructure sectors.
Rogers says he tells his team they have to be ready to respond to such a call. But for an attack on the United States, Cybercom will support the Department of Homeland Security, which is the lead agency for broader security protections associated with critical infrastructure, and partner with the FBI, which is the lead agency for domestic attacks and law enforcement.

“Our biggest focus really is going to be bringing our capabilities to bear to attempt to interdict the attack before it ever gets to us,” the admiral said.

“Failing that,” he continued, “we'll probably also have some measure of capability that we can provide to work directly with those critical infrastructure networks to help address the critical vulnerabilities and where the networks could use stronger defensive capability.”

To prepare for such interagency collaboration in the event of a domestic cyberattack, the command trains as it will fight, Rogers said.

“In the military I'm used to the idea that you train like you fight. So we exercise [and] we replicate the things we think are going to occur in a combat scenario,” the admiral said. “I want to do the exact same thing with the same set of teammates I'm going to operate with if we get the order to do so.”

The department and Cybercom already do internal exercises, he said, as well as ongoing interagency exercises such as Cyber Guard, in which elements of the National Guard, reserves, NSA and Cybercom exercise their support to DHS and FBI responses to foreign-based attacks on simulated critical infrastructure networks.

The whole-of-government exercise, completed June 17, was designed to test operational and interagency coordination and tactical-level operations to prevent, mitigate and recover from a domestic cyber incident.

Cyber Guard is a good example, Rogers said, “but I want to build on that. DHS and FBI were there but I think we can do even more.”

Information sharing and partnerships with the critical infrastructure sectors is an important aspect of enabling Cybercom to more effectively interdict and stop an attack, if directed to do so by the president and defense secretary, he added.
The cyber threat is growing increasingly complex, the Cybercom commander said, and a more diverse set of actors is involved in the mission set, “from nation-states that continue to increase their capabilities, to groups, to individuals.”

In broad terms, he added, “you don’t see a crisis in the world today that doesn’t have a cyber aspect to it.”

For that reason and others, the ultimate construct of Cybercom must be flexible, the admiral said.

“If you want to develop full-range capabilities and generate the maximum flexibility for their application, you’ve got to build a construct that recognizes we’re going to be supported sometimes, we’re going to be supporting other times, and sometimes we’re going to be doing both simultaneously,” Rogers said.
In one scenario Cybercom might be helping the commander in the Pacific, he said, and “at the same time we might be driving efforts to secure the U.S. financial infrastructure … and trying to support U.S. Central Command.

“It’s just the nature of things,” Rogers said, “because cyber is so global and so foundational.”


Tuesday, June 11, 2013

THE TACTICAL EDGE: MARINES AND CYBER OPERATIONS

Marine Corps Lance Cpl. David Anzualda, a cyber network operator with the 26th Marine Expeditionary Unit command element, peers out the back of an MV-22B Osprey as he crosses decks from the USS Bataan to the USS San Antonio, Dec. 15, 2012. This was part of the 26th MEU's third major training exercise of their pre-deployment training process. The 26th MEU operates continuously around the globe, providing a forward-deployed, sea-based quick-reaction force. The MEU is a Marine air-ground task force capable of conducting amphibious operations, crisis response and limited contingency operations. U.S. Marine Corps photo by Cpl. Kyle N. Runnels

FROM: U.S. DEPARTMENT OF DEFENSE

Marines Focused at Tactical Edge of Cyber, Commander Says
By Cheryl Pellerin
American Forces Press Service
MARINE CORPS BASE QUANTICO, Va., June 10, 2013 - What differentiates his command from Army, Navy and Air Force cyber operations is a focus on the forward-deployed nature of America's expeditionary force in readiness, the commander of Marine Corps Forces Cyberspace Command said during a recent interview here.

As commander of MARFORCYBER, Lt. Gen. Richard P. Mills heads one of four service components of U.S. Cyber Command. The Marine command stood up in January 2010.

Today, 300 Marines, federal civilians and contractors are performing cyber operations, Mills said. That number, he added, will grow to just under 1,000, at least until fiscal year 2016.

Each of the services' cyber commands protects its own networks, Mills noted.

"Where we differ is that we look more at tactical-level cyber operations and how we will be able to provide our forward-deployed ... Marine Air-Ground Task Force commanders with the capability to reach back into the cyber world [at home] to have their deployed units supported," the general said.

The basic structure for deployed Marine units, he said, is an air-ground task force that integrates ground, aviation and logistics combat elements under a common command element.

"We're more focused at the tactical level, the tactical edge of cyber operations, in supporting our forward-deployed commanders, and that's what we should do," Mills said.

It's an important capability, the general said, and one that will become more important and effective for deployed commanders in the years ahead.

"Cyber to me is kind of like artillery or air support," Mills explained. "The actual weapon systems are well to your rear, back here in the continental United States, and what you need to be able to do is request that support be given to you and have it take effect wherever you're operating."

The Marine Corps cyber mission is to advise the commander of U.S. Cyber Command, Army Gen. Keith B. Alexander, on the capabilities of the Marines within the cyber world and how to best use those forces in accomplishing the Cybercom mission, Mills said.

"That's our first job," he added. "Our second job is to be able to conduct cyber operations across all three lines of cyber operations -– defensive and offensive cyber ops –- so we have to man, train and equip Marine forces to accomplish those missions."

In testimony to Congress in March, Alexander described the three Cybercom lines, or missions.

-- A Cyber National Mission Force and its teams will help to defend the country against national-level threats;

-- A Cyber Combat Mission Force and its teams will be assigned to the operational control of individual combatant commanders to support their objectives; and

-- A Cyber Protection Force and its teams will help to operate and defend the Defense Department's information environment.

Of the nearly 1,000 MARFORCYBER forces that will come online between now and fiscal 2016, Mills estimated that a third will be in uniform, a third will be federal civilian employees, and a third will be contractors.

MARFORCYBER has Marines in the joint community who work throughout Cybercom at Fort Meade in Maryland. The Marine Corps cyber organization also is developing teams to be tasked by Cybercom to conduct operations across the spectrum of cyber operations.

"It's very similar to what we do today," Mills said. "The units train and go forward from the United States and work for other commanders well forward, and cyber will be the same way. We'll ship forces to Cybercom when requested, fully trained, fully manned, fully equipped, ready to operate."

MARFORCYBER is a full-up component command under Cybercom along with the Air Force, Navy and Army, the general said.

"All four of the component commanders talk regularly to each other and meet regularly at Cybercom to coordinate our growth, coordinate our requirements, [provide] input to Cybercom and take its guidance and direction, and operate together in big exercises like Cyber Flag," he said.

Cyber Flag is an annual exercise at Nellis Air Force Base, Nev., which Cybercom conducts with U.S. interagency and international partners.

For the Marines, the smallest U.S. military service branch, contractors play an important part in cyber, the general said.

"One of the challenges of cyber is that it's such a dynamic environment," he explained. "You need people who are educated and current in their specialties and who are available to stay on the job for long periods of time, whereas Marines come and go in the normal assignment process."

Contractors have skill sets that aren't always available in the active-duty Marine Corps, and can fit neatly into short-term projects, he added.

"They all operate under the same clearance requirements, the same authorities, the same rules," the general said. "That's one of the things that make them so expensive. They come at a cost, but you have to bear it to make sure that your cyber capabilities are current and that you stay on the cutting edge."

In the newest domain of warfare, the battlefield is evolving, Mills said, and Marine commanders have come to understand the impact cyber can have on defensive and offensive operations.

"I think cyber commanders now understand when you go forward you have to be able to defend your systems against intrusion by other states, by rogue elements, and even by hobbyists who are just trying to break in and infiltrate your nets," the general said. "But they're also beginning to understand the positive effects cyber can have in your operations against potential enemies. ... It's a very valuable tool in that quiver of arrows that a commander takes forward, and they want to understand how it operates."

In the new domain, even a discussion of weapons veers off the traditional path. A cyber weapon, Mills said, "can be something as simple as a desktop computer. It's also a vulnerability to you, because it's a way in which the enemy can enter your Web system if you put the wrong hardware on there or open the wrong attachment or email."

Cyber weapons are much more nuanced than big cannons and large bombs and weapons systems.

"The armories of the cyber world are very sophisticated computers and very sophisticated smart people who sit behind those computers and work those issues for you," the general said.

Mills said he's an infantry officer by trade, so he tends to view everything he does through a combat-arms prism.

"I think the definition of combat arms is expanding a little bit these days," he said. "I don't think cyber is any longer a communicator's environment -- it's an operator's environment. So we want that cyber expert to sit in the operations shop right next to the air expert, right next to the artillery expert, because we think that's where it belongs."

Mills pointed out the contrast between a Marine "kitted out" for battle with a Marine dressed for a cyber operation who may be sitting behind a desk in the United States.

"He's got access to a huge computer system that allows him to operate within that domain," the general said. "He may go home at night and never have to deploy forward. But he's providing support to deployed forces, he's conducting actions against designated targets, he's doing a lot of things -- but from the foxhole or the fighting hole at his desk, rather than some foxhole or fighting hole forward."
 

Saturday, March 9, 2013

WAR OF THE CYBER WORLDS

U.S. sailors assigned to Navy Cyber Defense Operations Command man their stations at Joint Expeditionary Base Little Creek-Fort Story, Va., Aug. 4, 2010. NCDOC sailors monitor, analyze, detect and respond to unauthorized activity within U.S. Navy information systems and computer networks. U.S. Navy photo by Petty Officer 2nd Class Joshua J. Wahl

FROM: U.S. DEPARTMENT OF DEFENSE
Cyber Command, DOD Work to Understand Cyber Battlespace
By Cheryl Pellerin
American Forces Press Service

WASHINGTON, March 7, 2013 - Since the Defense Department officially made cyberspace a new domain of warfare in 2011, experts in the public and private sectors have been working to make that inherently collaborative, adaptable environment a suitable place for military command and control.

In July of that year, the first initiative of the first DOD Strategy for Operating in Cyberspace called for treating cyberspace as an operational domain -- no different from air, land, sea or space -- to organize, train and equip so the department could take full advantage of cyber potential.

Cyberspace is defined as a collection of computer networks that use a variety of wired and wireless connections, a multitude of protocols, and devices ranging from supercomputers to laptops to embedded computer systems designed for specific control functions in larger systems.

At the 4th Annual Cyber Security Conference held here Feb. 22, Air Force Maj. Gen. Brett T. Williams, director of operations at U.S. Cyber Command, described how Cybercom is using the Internet and other aspects of the cyber environment to execute its mission.

"The challenge we have is that the Internet was never designed for military command and control, ... yet we've adapted it to do that," he said.

In the process, the general added, officials have tried to define the Cybercom mission more clearly over the last few months.

As part of DOD, Williams said, part of Cybercom's mission is to help in defending the homeland, especially against cyberattacks and other activities in cyberspace that could affect national security.

"In that role, like the rest of the Department of Defense, we function as a supporting command to the national command authority at the Department of Homeland Security," he added.

Cybercom's second responsibility is to secure, operate and defend what is now defined as the Department of Defense information networks, or DODIN, formerly called the Global Information Grid, the general said. DODIN is a globally interconnected end-to-end set of information capabilities for collecting, processing, storing, disseminating and managing information on demand to warfighters, policymakers and support personnel.

The third mission area, he said, is to support regional combatant commanders such as those at U.S. Pacific Command and U.S. Central Command, and functional combatant commanders such as those at U.S. Transportation Command and U.S. Strategic Command.

Quantifying mission requirements is another effort under way at Cybercom, the general said.

"What we're working through right now is taking forces dedicated to the cyber mission and fundamentally defining a unit of action or unit of employment to do our mission, then realigning our forces," Williams said. "You need to be able to say, 'What kind of cyber units do I need and how many do I need?' If you can't do that, then you really can't [plan] and you can't understand where you're taking risk."

For a military force, according to the U.S. Army Combined Arms Center, a line of operation is a line that defines the orientation of a force in time and space in relation to the adversary, and links the force with its base of operations and objectives. Major combat operations typically are designed using lines of operation.

For the cyber domain, Cybercom has three lines of operation -- DOD network operations, defensive cyber operations and offensive cyber operations.

For network operations "we provision, we operate, we maintain the networks [and] we do static defense," Williams said -- things such as firewalls, antivirus applications and the host-based security system called HBSS, the DOD off-the-shelf commercial suite of software applications used to monitor, detect and counter attacks against DOD computer networks and systems.

"No matter how good we get at [defending the network], it's not going to be sufficient," the general said, "because if we harden the network such that nobody gets in, then we can't get out, and we lose our ability to do the most important thing we need to do in cyber, which is, I would argue, to command and control our forces."

The second line of operation involves defending cyber operations. What Cybercom calls DCO has two aspects, Williams said.

First, he explained, people must be able to maneuver in Cybercom's friendly networks and hunt for and kill things that get through the static defenses. Cybercom also needs a "red team" capability to simulate the opposition for training purposes, and it needs people who can assess the networks for vulnerabilities and advise the network owners, or commanders, where it makes sense to take risk based on their operational missions.

"The other part of the DCO is that we need capability to go outside our own networks" and stop malware and other attacks before they reach the network, the general said.

"Having the capability to operate outside our own networks ... subject to all the laws of war, all the rules of engagement, all [DOD] polices ... means being able to have that spectrum of options [available] for the commanders," he added.

The third line of operation is offensive cyber operations, or OCO, Williams said. "That's the ability to deliver a variety of effects outside our own networks to satisfy national security requirements," he explained.

Given these lines of operation, Williams said, commanding and controlling forces in cyberspace requires technologies with different capabilities than are fully available today.

"What we really need is all the data to understand what goes on in cyberspace. ... Every time something plugs in, it's got to identify itself and populate a database with all the knowable parameters," he said.

The data has to go from unclassified to top secret and be accessible to anyone with appropriate clearances, he added, and how the data is presented should be cost-effectively customizable at any level.

"The second thing we need is to be able to move that data around," Williams said. "We've got to get away from these [tens of thousands] of networks that we rely on in the department to do what we have to do."

Some of these critical cyberspace requirements will be met by the Joint Information Environment, the general said. JIE is a single, joint, secure, reliable and agile command, control, communications and computing enterprise information environment to which DOD is transitioning in a first-phase implementation that spans fiscal years 2013 and 2014.

The JIE will combine DOD's many networks into a common and shared global network. It will provide email, Internet access, common software applications and cloud computing. Main objectives are to increase operational efficiency, enhance network security and save money by reducing infrastructure and staffing.

According to the Defense Information Systems Agency, the JIE will encompass all DOD networks and will enhance network security by:

-- Using a single-security architecture;

-- Minimizing network hardware, software and staffing;

-- Giving DOD users access to the network from anywhere in the world;

-- Focusing on protecting data; and

-- Improving DOD's ability to share information among the services and with government agencies and industry partners.

Williams said operating in cyberspace also calls for the kind of mission-critical command-and-control capability provided to air operations by the Theater Battle Management Core System, a set of software applications that allows automated management of air battle planning and intelligence operations. The system operates at the force level and the unit level.

"We need that same type of thing to do our planning for cyberspace," the general said, adding that the closest thing he's seen to a workable system for cyberspace is called Plan X, an effort announced in May by the Defense Advanced Research Projects Agency.

Plan X, according to DARPA's website, will try to create revolutionary technologies for understanding, planning and managing DOD cyber missions in real-time, large-scale and dynamic network environments.

More than 350 software engineers, cyber researchers and human-machine interface experts attended the initial DARPA workshop.

"The program covers largely uncharted territory as we attempt to formalize cyber mission command and control for the DOD," DARPA program manager Dan Roelker said in a recent statement.

Plan X, Williams said, "is being worked by a group of people who in my view are technology people who have a better understanding of the operational requirement than most anybody else I've seen. They've taken it from the PowerPoint level to some things where you can see how this would work."

Cybercom needs such a knowledge-management tool, the general said, "that allows us to plan and execute in an intuitive way and that doesn't require everyone who operates in cyber to have a degree in electrical engineering or computer science. We just can't train everybody to do that."

Tuesday, February 19, 2013

CYBERSECURITY AND U.S. CYBER COMMAND

CYBER COMMANDER GEN. ALEXANDER
FROM: U.S. DEPARTMENT OF DEFENSE
Cybercom Commander Calls Cybersecurity Order First Step
By Army Sgt. 1st Class Tyrone C. Marshall Jr.
American Forces Press Service

WASHINGTON, Feb. 13, 2013 - The cybersecurity policy President Barack Obama announced during his annual State of the Union address is a step toward protecting the nation's critical infrastructure, the commander of U.S. Cyber Command said here today.

Army Gen. Keith B. Alexander, also director of the National Security Agency, joined senior U.S. officials from the White House and the Commerce and Homeland Security departments to discuss strengthening the cybersecurity of the country's critical infrastructure.

"We need a way of sharing information between government and industry -- both for information sharing and hardening our networks," he said. "I think what we're doing in the executive order tackles, perhaps, the most difficult issue facing our country: How do we harden these networks when, across all of industry and government, those networks are in various states of array? We've got to have a way of reaching out with industry and with government to solve that kind of problem."

The general said the new cybersecurity policy is important to strengthening the country's defenses against cyberattacks. "The systems and assets that our nation depends on for our economy, for our government, even for our national defense, are overwhelmingly owned and operated by industry," he explained. "We have pushed hard for information sharing."

Private-sector companies have the information they need to defend their own networks in a timely manner, he said. "However, information sharing alone will not solve this problem," he added. "Our infrastructure is fragile." The executive order Obama signed to put the new cybersecurity policy into effect sets up a process for government and industry to start to address the problem, the general said.

But although the president's new executive order helps to bring about some solutions, Alexander said, it isn't comprehensive.

"This executive order is only a down payment on what we need to address the threat," he said. "This executive order can only move us so far, and it's not a substitute for legislation. We need legislation, and we need it quickly, to defend our nation. Agreeing on the right legislation actions for much-needed cybersecurity standards is challenging."

The executive order is a step forward, though, because it creates a voluntary process for industry and government to establish that framework, Alexander said.

"In particular, with so much of the critical infrastructure owned and operated by the private sector, the government is often unaware of the malicious activity targeting our critical infrastructure," he said. "These blind spots prevent us from being positioned to help the critical infrastructure defend itself, and it prevents us from knowing when we need to defend the nation."

The general noted government can share threat information with the private sector under this executive order and existing laws, but a "real-time" defensive posture for the military's critical networks will require legislation removing barriers to private-to-public sharing of attacks and intrusions into private-sector networks.

"Legislation is also necessary to create incentives for better voluntary cooperation in cyber standards, developments and implementation," he said, "and to update and modernize government authorities to address these new cyber threats."

Alexander warned that potential cyber threats to the United States are very real, pointing to recent examples.

"You only have to look at the distributed denial-of-service attacks that we've seen on Wall Street, the destructive attacks we've seen against Saudi Aramco and RasGas, to see what's coming at our nation," Alexander said. Now is the time for action, he said, and the new executive order takes a step in implementing that action.

In his role as director of the NSA, Alexander said, he is fully committed to the development of the cybersecurity framework.


"We do play a vital role in all of this, and in protecting DOD networks and supporting our combatant commands and defending the nation from cyber-attacks," he said. "But we can't do it all. No one agency here can do it all. It takes a team in the government."

And the government cannot do it by itself, either, he added. "We have to have government and industry working together as a team," he said.

Wednesday, October 17, 2012

AIR FORCE SPACE COMMAND LEADER SPEAKS AT 11TH ANNUAL AIR FORCE IT DAY

Credit: U.S. Air Force
FROM: U.S. DEPARTMENT OF DEFENSE
AFSPC commander speaks at 11th Annual Air Force IT Day event

by 1st Lt. Connie Dillon
Air Force Space Command Public Affairs

10/12/2012 - PETERSON AIR FORCE BASE, Colo. -- General William L. Shelton, commander of Air Force Space Command, was a featured speaker at the Northern Virginia Chapter of the Armed Forces Communication and Electronics Association's 11th Annual Air Force IT Day event at the Sheraton Premiere Hotel in Tysons Corner, Va., on Oct. 11.

General Shelton addressed attendees at the annual one day conference, calling for more definition and articulation of solutions for a wide range of strategic issues facing AFSPC and the broader Air Force cyberspace enterprise. His comments included further defining cyberspace and the Air Force role in this new, accelerated warfighting domain.

"First and foremost, we are still grappling with defining cyberspace in a way that's effective and promotes understanding across the Air Force," said General Shelton. "Our actual working definition is still evolving as we gain more operational experience and understanding"

General Shelton described multiple organizations' various definitions of "cyberspace" and how it created confusion in roles, functions and "lanes in the road" due to the lack of precision in operating definitions. He said that there is a need to find a definition that provides a common, fundamental understanding for all developers, operators and stakeholders in the cyberspace enterprise.

"We owe it to our people, from the most junior Airman to the Secretary and Chief of Staff, to narrowly define what we mean when we talk about cyber, and once we've arrived at that agreed upon working definition, we must clearly communicate it to the field," he said.

Pursuant to that discussion, General Shelton brought up the interest to further define the Air Force's role in cyberspace.

"Every military operation, across the entire spectrum of conflict, relies on the cyber domain. We, like the rest of the Services, have huge equities in this domain," he said.

General Shelton discussed the cycle of questions that lead to additional questions about the Air Force's role in cyberspace. These questions bring up topics to include: the scope of our focus in the cyberspace domain, the major implications that the change of focus would have for Title 10/50 authorities, the decisions of whether or not the Air Force or other organizations will cover certain "high end" services, and the impact of those decisions on the force structure and capabilities presented to the U.S. Cyber Command.

"As you can tell, there are some basic decisions we'll need to make, relative to how we stake out our proper role in cyberspace. As a guiding principle in all of our decisions, it's incumbent on us in this community to convert our terminology into plain English" said General Shelton. "General Welsh has challenged us with avoiding confusing language, not only in cyber, but in all aspects of the Air Force, and we should be able to tell our story without the complication of insider terms of art."

The general also highlighted the need to provide cyberspace mission assurance in the increasingly challenged cyberspace domain.

"Cyber capability has developed over the past 40 to 50 years in a relatively benign, permissive environment, but it's no longer a very benign operating domain," said General Shelton. "Now we face a continuously changing landscape of threats, adversaries, and technologies. The cost of entry is low, anonymity is high, and attribution is difficult at best."

Anonymity, explained General Shelton, enables so much nefarious cyber activity today.

"State-sponsored attackers, criminal hackers, criminal elements hired by states, hackers who like to tweak our noses just for fun--there is no shortage of adversaries out there every day," he said.

General Shelton related the need to move our focus from information assurance to mission assurance, invoking concepts from Sun Tzu.

"If you try to protect everything, you'll succeed at defending nothing," he said. "We can't defend everywhere all at once, so we have to identify nodes and systems that are critical to mission assurance. We've got to carefully prioritize what assets, what data, which data path, we will protect in extremis."

"As you can see, we are shifting our focus from traditional cyber defense and information assurance, where there are too many gates to guard, to a strategy of resilience, layered defense, and mission assurance," said General Shelton.

General Shelton touched on strategies for recruiting, training, and retaining the cyber talent necessary across the entire Total Force, and the role of industry in an evolving cyberspace Acquisitions environment that demands rapid development times more relevant to cyberspace reality.

In closing, General Shelton noted the sense of urgency to figure out cyberspace now and get on a common vector.

"We've clearly only begun to take the initial steps toward really defining the operating domain, our Air Force role, the people we need, the focus we need, and the industry relationships we need," he said. "We may just be past the 'crawling' stage and into the 'walking' stage of cyber, but we need to step up smartly and start running."

This year's theme for the 11th Annual Air Force IT Day event was "The Joint Fight--Mission Success through Cyberspace."

Sunday, April 1, 2012

HEAD OF U.S. CYBER COMMAND TOLD SENATE PRIVATE-SECTOR COOPERATION NEEDED


The following excerpt is from an American Forces Press Service e-mail:



DOD Needs Industry's Help to Catch Cyber Attacks, Commander Says

By Lisa Daniel
American Forces Press Service
WASHINGTON, March 27, 2012 - The Defense Department needs private-sector cooperation in reporting computer network attacks in real time to stop what has been the "greatest transfer of wealth in history" that U.S. companies lose to foreign hackers, the head of U.S. Cyber Command told a Senate committee today.
Army Gen. Keith B. Alexander, who also is the National Security Agency director, told the Senate Armed Services Committee that he supports legislation that would require private companies to report attacks, and added that such reporting needs to happen before an attack is complete.

"We need to see the attack," he said. "If we can't see the attack, we can't stop it. We have to have the ability to work with industry -- our partners -- so that when they are attacked, they can share that with us immediately."
Many cyber defense bills have stalled in Congress over concerns about privacy, overregulation and the military's role in cyber protection, Alexander and the senators noted.

The general compared the current situation, where DOD computers receive some 6 million threatening probes each day, to a missile being fired into U.S. airspace with no radars to see it. "Today, we're in the forensics mode," he said. "When an attack occurs, we're told about it after the fact."

Alexander added, though, that industry should be monitoring their own systems with help from Cyber Command and the Department of Homeland Security. "I do not believe we want the NSA or Cyber Command or the military in our networks, watching it," he said.

Alexander explained the federal partnership of U.S. cyber security as one in which Homeland Security leads in creating the infrastructure to protect U.S. interests, Cyber Command defends against attacks, FBI conducts criminal investigations, and the intelligence community gathers overseas information that could indicate attacks.
"Cyber is a team sport," he said. "It is increasingly critical to our national and economic security. ... The theft of intellectual property is astounding."

The Defense Department's request of $3.4 billion for Cyber Command in fiscal 2013 is one of the few areas of growth in the DOD budget, senators noted. The command has made progress toward its goals of making cyber space safer, maintaining freedom of movement there, and defending the vital interests of the United States and its allies, Alexander said. The command also is working toward paring down the department's 15,000 separate networks, he said.

Cyber threats from nations -- with the most originating in China -- and non-state actors is growing, Alexander said.

"It is increasingly likely, as we move forward, that any attack on the U.S. will include a cyber attack," he said. "These are threats the nation cannot ignore. What we see ... underscores the imperative to act now."

Saturday, March 24, 2012

SECRETARY OF DEFENSE LEON PANETTA MEETS WITH NSA CYBER COMMAND

The following excerpt is from a U.S. Department of Defense e-mail:  

Panetta Visits NSA, Cyber Command Leadership

By Army Sgt. 1st Class Tyrone C. Marshall Jr.
American Forces Press Service
WASHINGTON, March 24, 2012 - Defense Secretary Leon E. Panetta met today with the leader of the National Security Agency and U.S. Cyber Command, said Pentagon Press Secretary George Little.
"Today Secretary Panetta visited the National Security Agency and U.S. Cyber Command at Fort Meade, Maryland, where he met with General Keith Alexander, commander, U.S. Cyber Command, and director, National Security Agency, Central Security Service, and the organizations' leadership," Little said.

Little said Panetta observed technology demonstrations and received briefings about key issues in the cyber arena.
Panetta's "discussions focused on efforts to enhance information sharing across the Defense Department and the intelligence community," Little said.

According to Little, Panetta said he was deeply impressed by team efforts to defend America against cyber attack.
"The secretary acknowledged the critical and important work that the Cyber Command and NSA team are accomplishing, and continues to stress the importance of developing cyber capabilities to meet emerging cyber threats," Little said.

Search This Blog

Translate

White House.gov Press Office Feed