FROM: U.S. DEFENSE DEPARTMENT
Cybercom Chief Discusses Importance of Cyber Operations
By Jim Garamone
DoD News, Defense Media Activity
NATIONAL HARBOR, Md., April 14, 2015 – Cyber is an operational domain, and military leaders are going to have to understand its importance and the opportunities and challenges of operating in the domain, Navy Adm. Michael S. Rogers said here today.
Rogers, the commander of U.S. Cyber Command, director of the National Security Agency, and chief of the Central Security Service, spoke at the Navy League’s 50th annual Sea-Air-Space Exposition. The admiral participated in a panel entitled, “Cyber, Electromagnetic War and Information Dominance.”
Rogers commented on the speed and growth of the cyber domain.
“The world around us is changing,” he said. “The spectrum and the network are converging. That represents vulnerability and opportunity. How do we set ourselves up to take advantage that opportunity while addressing that vulnerability?”
Cyber is an operational domain in which the U.S. military conducts many operations, “many of them like we do in any other operational domain,” Rogers said.
Understanding Cyber Culture
Getting traditional warfighters to understand the importance of cyber operations -- both defense and offense -- requires an understanding of culture and ethos that is more important than just technology, Rogers said.
“We have got to get beyond focusing just on the technical piece here,” Rogers said. “It’s about ethos. It’s about culture. It’s about warfighting. It’s about how do you operationalize a network on a warfighting platform, and what does that mean?”
He added, “It ain’t just a bumper sticker and it’s not just a slogan.”
In the cyber domain, the emphasis on operations will drive how to man, train and equip organizations, the admiral said. It also drives how the organization is structured, he added, and what operational concepts are deployed.
“It’s about how we are going to fight,” he said.
Capitalizing on Information Dominance
The Navy and the other services must put themselves in a position to capitalize on information dominance, the admiral said.
In June, the Navy will mark the 73rd anniversary of the Battle of Midway, said Rogers, noting that Midway changed the tide of World War II in the Pacific. An overmatched U.S. fleet sank four Imperial Japanese Navy aircraft carriers in a desperate battle off the strategic island of Midway.
It was through signals intelligence, code-breaking and communications that then-Navy Adm. Chester Nimitz knew where to position the few U.S. aircraft carriers he had in the region to win the battle.
“As an information warfare officer, as an information dominance officer, I take great pride in the role and capability that our predecessors brought to really make a critical difference in an operational outcome,” Rogers said.
Looking forward, cyber warriors must be able to provide the intelligence to win those battles and more, Rogers said.
How much better it would be in the future, he posited, “if we could not only provide those operational commanders great situational and environmental awareness, but what if we could provide commanders the ability to attempt to bring non-kinetic fires to bear, to give commanders assured command and control, because opponents are going to be contesting our command and control?”
Rogers said he’s pleased with the progress the maritime services have made in regard to cyber and the spectrum. But more needs to be done, he added.
The services, he said, need to factor cyber into every decision.
“Now we are in a totally different operational world,” he said.
A PUBLICATION OF RANDOM U.S.GOVERNMENT PRESS RELEASES AND ARTICLES
Showing posts with label CYBERCOM. Show all posts
Showing posts with label CYBERCOM. Show all posts
Tuesday, April 14, 2015
Wednesday, August 20, 2014
U.S. CYBER COMMAND EXPANDING
FROM: U.S. DEFENSE DEPARTMENT
Rogers: Cybercom Defending Networks, Nation
By Cheryl Pellerin
DoD News, Defense Media Activity
FORT MEADE, Md., Aug. 18, 2014 – U.S. Cyber Command continues to expand its capabilities and capacity, Navy Adm. Mike Rogers said Aug. 14.
The Cybercom commander was speaking during an interview at the NSA headquarters building here. Rogers is also director of the National Security Agency and chief of the Central Security Service.
“The decision to create [Cybercom] was a … recognition of a couple things. No. 1, the increasing importance of the cyber domain and the cyber mission set in Department of Defense operations in the 21st century,” Rogers said.
Such a command would add to the department’s ability to protect and defend its networks, and give policymakers and operational commanders a broader range of options, he said.
The second consideration involved DoD’s mission to defend the nation, coupled with the potential of nation-states, groups and individuals to conduct offensive cyber activities against critical U.S. infrastructure.
In that scenario, the admiral said, defense officials thought it was likely the president would “turn to the secretary of defense and say, ‘In your mission to defend the nation, I need you to do the same thing here in the cyber arena against this mission set critical to U.S. infrastructure, and I need an organization capable of doing that.’”
These conditions led the department to realize the need to create a traditional warfighting organization capable of executing a spectrum of cyberspace missions, Rogers said.
And, he added, they knew they needed to do so “with a dedicated professionalized workforce. This is not a pickup game where you just come casually to it.”
Rogers said he focuses on five priorities for Cybercom.
These are to build a trained and ready cyber force, put tools in place that create true situational awareness in cyberspace, create command-and-control and operational concepts to execute the mission, build a joint defensible network, and ensure Cybercom has the right policies and authorities that allow it to execute full-spectrum operations in cyberspace.
Making progress is important to Rogers, who characterized his ultimate goal as bringing Cybercom to a level where it’s every bit as trained and ready as any carrier strike group in the U.S. Central Command area of responsibility or any brigade combat team on the ground in Afghanistan.
“My objective during my time as the commander, first and foremost,” the admiral said, “is to ensure that we have brought to fruition the operational vision in cyber … [to make sure] it’s something real, it’s something tangible, and it is operationally ready to execute its assigned missions.”
That is happening as Cybercom brings its warfighting capability online, with the services generating a total cyber mission force of about 6,000 people by 2016, all trained to the same high standard and aligned in 133 teams with three core missions:
-- The Cyber National Mission Force, when directed, is responsible for defending the nation’s critical infrastructure and key resources.
-- The Cyber Combat Mission Force provides cyber support to combatant commanders across the globe; and
-- The Cyber Protection Force operates and defends the DoD information network, or DoDIN.
Defending the DoDIN is the focus of a partnership in progress with the Defense Information Systems Agency, or DISA.
The agency provides command and control and information-sharing capabilities and a globally accessible enterprise information infrastructure to warfighters, the president and national leaders, and other mission and coalition partners.
DISA, Rogers points out, is also a combat support agency.
The agency reports to acting DoD Chief Information Officer Terry Halvorsen, and its director is Air Force Lt. Gen. Ronnie D. Hawkins Jr.
“I have always believed … that we need to integrate operations and networks and our defensive workforce into one team,” Rogers said, “and that you are more effective in operating a network and in defending a network when you do it with one integrated approach.”
As a result, Rogers’ team decided they needed to create a relationship with DISA, he said, adding, “At the moment there’s no formal [command and control] line between us, but we’re in the process of creating one.”
As part of that process Rogers collaborates with Halvorsen and Hawkins.
“What I think we need to do,” he said during their meeting, “is create an operational construct that creates a direct linkage [between] U.S. Cyber Command, DISA and U.S. Cyber Command service components.”
It’s critical that the relationship includes the service components, Rogers said, “Because, under the current network structure today, those networks are largely run by [the] services. So we’ve got to create a relationship between DISA and the services that is very operational because you’ve got to maneuver networks, you’ve got to react to changes, and you can’t do that in a static kind of environment.”
He added, “We're in the process of doing that and I expect to roll it out in the fall. … You’ll hear it referred to as JFHQ DoDIN,” he said, or Joint Force Headquarters DoD Information Networks.
Rogers said that he, Halvorsen and Hawkins agree, this is the future of DISA.
“[DISA] will operate on the networks. They'll be part of our defensive effort so they will be out operating on the networks just like us,” he added.
“One of the core missions is the defense of the DoDIN,” Rogers said. “The forces associated with that mission will be assigned to DISA, to the services [and] to the combatant commanders.” So, he added, DISA will have operational control over some of the cyber mission force to help execute their mission.
Another of Rogers’ priorities for Cybercom is to help develop a common situational awareness of “what’s happening in DoD networks,” he said.
The commander highlighted the need for speed and agility in the cyber arena, adding, “If you can’t visualize what you’re doing … you’re not going to be fast or as agile, and thus arguably not as effective as you need to be.”
Rogers said, “As an operational commander I am used to the idea of walking into a command center, looking at a visual depiction that through symbology, color and geography enables me to very quickly come to a sense of what's happening in this space. We are not there yet in the cyber arena.”
Establishing situational awareness in the cyber realm is a combination of technology and capability, the admiral said, and determining what knowledge is needed and what elements contribute to that.
“Is what U.S. Cyber Command needs to know about what's going on in the network world the same thing as a strike group commander needs in the Western Pacific? The same thing an Air Force air wing needs in Minot, North Dakota? The same thing a brigade combat team needs in Afghanistan? It will vary, so we've got to create a system that you can tailor to the needs of each commander,” he said.
Rogers noted there are many ongoing efforts to improve situational awareness, pointing out the need to work collaboratively to fix the problem.
“We do have some tools right now,” he added. “They’re just not as mature and comprehensive as I'd like them to be.”
Cyber is foundational to the future, the admiral said, and he often comments to his fellow operational commanders that cyber is a mission they have to own.
“The wars of the 20th century taught most warfighting professionals that, no matter what you do, a good foundational knowledge of logistics is probably going to stand you in good stead,” Rogers explained.
In the 21st century, he added, operational commanders may find that, regardless of their mission, they will need a sense of what’s going on in their networks, where they’re taking risk, and the impact of network structure and activities on their ability to execute the mission.
“It’s not something you turn to your communications officer … or your CIO and say, ‘I don't really understand this. Go out and do some of that for me.’ That isn't going to get us where we need to go,” the admiral said.
Rogers elaborated on the need for Cybercom to be ready.
During his time as Cybercom commander, he said he expects that a nation-state, group or individual will attempt to engage in offensive, destructive capability against critical U.S. infrastructure, from the power grid to the financial sector.
The Presidential Policy Directive for Critical Infrastructure Security and Resilience outlines 16 designated U.S. Critical Infrastructure sectors.
Rogers says he tells his team they have to be ready to respond to such a call. But for an attack on the United States, Cybercom will support the Department of Homeland Security, which is the lead agency for broader security protections associated with critical infrastructure, and partner with the FBI, which is the lead agency for domestic attacks and law enforcement.
“Our biggest focus really is going to be bringing our capabilities to bear to attempt to interdict the attack before it ever gets to us,” the admiral said.
“Failing that,” he continued, “we'll probably also have some measure of capability that we can provide to work directly with those critical infrastructure networks to help address the critical vulnerabilities and where the networks could use stronger defensive capability.”
To prepare for such interagency collaboration in the event of a domestic cyberattack, the command trains as it will fight, Rogers said.
“In the military I'm used to the idea that you train like you fight. So we exercise [and] we replicate the things we think are going to occur in a combat scenario,” the admiral said. “I want to do the exact same thing with the same set of teammates I'm going to operate with if we get the order to do so.”
The department and Cybercom already do internal exercises, he said, as well as ongoing interagency exercises such as Cyber Guard, in which elements of the National Guard, reserves, NSA and Cybercom exercise their support to DHS and FBI responses to foreign-based attacks on simulated critical infrastructure networks.
The whole-of-government exercise, completed June 17, was designed to test operational and interagency coordination and tactical-level operations to prevent, mitigate and recover from a domestic cyber incident.
Cyber Guard is a good example, Rogers said, “but I want to build on that. DHS and FBI were there but I think we can do even more.”
Information sharing and partnerships with the critical infrastructure sectors is an important aspect of enabling Cybercom to more effectively interdict and stop an attack, if directed to do so by the president and defense secretary, he added.
The cyber threat is growing increasingly complex, the Cybercom commander said, and a more diverse set of actors is involved in the mission set, “from nation-states that continue to increase their capabilities, to groups, to individuals.”
In broad terms, he added, “you don’t see a crisis in the world today that doesn’t have a cyber aspect to it.”
For that reason and others, the ultimate construct of Cybercom must be flexible, the admiral said.
“If you want to develop full-range capabilities and generate the maximum flexibility for their application, you’ve got to build a construct that recognizes we’re going to be supported sometimes, we’re going to be supporting other times, and sometimes we’re going to be doing both simultaneously,” Rogers said.
In one scenario Cybercom might be helping the commander in the Pacific, he said, and “at the same time we might be driving efforts to secure the U.S. financial infrastructure … and trying to support U.S. Central Command.
“It’s just the nature of things,” Rogers said, “because cyber is so global and so foundational.”
Saturday, June 29, 2013
GEN. DEMPSEY SAYS CYBERCOM BECOMMING MORE PROMINENT
FROM: U.S. DEPARTMENT OF DEFENSE
Dempsey: Cybercom Likely to Continue Gaining Prominence
By Claudette Roulo
American Forces Press Service
WASHINGTON, June 27, 2013 - U.S. Cyber Command, currently a subunified command under U.S. Strategic Command, likely will one day become a separate command, the chairman of the Joint Chiefs of Staff said here today.
Noting that the cyber threat will only continue to grow, Army Gen. Martin E. Dempsey told attendees at a Brookings Institution forum that he anticipates a day when operations in cyberspace become a dominant factor in military operations.
"But, at this point, Stratcom, with its global reach responsibilities, as well as its space responsibilities, is also able to manage the workload that comes with being the next senior headquarters to Cybercom," the chairman said. "I'm actually content [with] the way we're organized right now."
The chairman noted that the national effort to protect critical civilian infrastructure lags behind the military's efforts to secure its own networks, largely because information about cyber threats isn't being shared with the government.
"Right now, threat information primarily runs in one direction: from the government to operators of critical infrastructure," he said. Changing this will require legislation, he added.
The nation's top military officer said he's confident that indicators of an impending attack can be shared in a way that preserves the privacy, anonymity, and civil liberties of network users.
Cybercom will assume a new importance when that conduit opens, the chairman said. "If we get the kind of information sharing we need, that could be a catalyst for changing the organization, because the span and scope of responsibility will change," he explained.
Dempsey: Cybercom Likely to Continue Gaining Prominence
By Claudette Roulo
American Forces Press Service
WASHINGTON, June 27, 2013 - U.S. Cyber Command, currently a subunified command under U.S. Strategic Command, likely will one day become a separate command, the chairman of the Joint Chiefs of Staff said here today.
Noting that the cyber threat will only continue to grow, Army Gen. Martin E. Dempsey told attendees at a Brookings Institution forum that he anticipates a day when operations in cyberspace become a dominant factor in military operations.
"But, at this point, Stratcom, with its global reach responsibilities, as well as its space responsibilities, is also able to manage the workload that comes with being the next senior headquarters to Cybercom," the chairman said. "I'm actually content [with] the way we're organized right now."
The chairman noted that the national effort to protect critical civilian infrastructure lags behind the military's efforts to secure its own networks, largely because information about cyber threats isn't being shared with the government.
"Right now, threat information primarily runs in one direction: from the government to operators of critical infrastructure," he said. Changing this will require legislation, he added.
The nation's top military officer said he's confident that indicators of an impending attack can be shared in a way that preserves the privacy, anonymity, and civil liberties of network users.
Cybercom will assume a new importance when that conduit opens, the chairman said. "If we get the kind of information sharing we need, that could be a catalyst for changing the organization, because the span and scope of responsibility will change," he explained.
Monday, March 18, 2013
CYBERCOMMAND ON OFFENSE AND DEFENSE
Credit: U.S. Navy. |
Cybercom Builds Teams for Offense, Defense in Cyberspace
By Cheryl Pellerin
American Forces Press Service
WASHINGTON, March 12, 2013 - As escalating rounds of exploits and attacks mar the strategic landscape of cyberspace, U.S. Cyber Command is standing up a highly trained cadre focused on national defense in that domain, the Cybercom commander told Congress today.
Army Gen. Keith B. Alexander told the Senate Armed Services Committee that the command is developing teams that will protect the nation's interests in cyberspace, along with tactics, techniques and procedures, and doctrine describing how the teams will work in that environment.
"These defend-the-nation teams are not defensive teams, these are offensive teams that the Defense Department would use to defend the nation if it were attacked in cyberspace," said Alexander, who also serves as National Security Agency director. "Thirteen of the teams we're creating are for that mission set alone. We're also creating 27 teams that would support combatant commands and their planning process for offensive cyber capabilities."
Cybercom also has a series of teams that will defend DOD networks in cyberspace, the general said.
The intent at Cybercom is to stand up roughly one-third of the teams by September, the next third by September 2014, and the final third by September 2015, he added.
"Those three sets of teams are the core construct for what we're working on with the services to develop our cyber cadre," he said, adding that the effort is on track thanks to efforts by the service chiefs, who are pushing the initiative.
Training is key to the teams' development, the general said. "The most important partnership we have with NSA and others is in ensuring that training standards are at the highest level," he added.
Alexander told the panel that, from Cybercom's perspective, the environment on the strategic landscape of cyberspace is becoming more contentious.
"Cyber effects are growing. We've seen attacks on Wall Street -- 140 over the last six months -- grow significantly. In August, we saw a destructive attack on Saudi Aramco, where data on over 30,000 systems was destroyed," he said.
In industry, the antivirus community of companies believes attacks will increase this year, Alexander said, "and there's a lot we need to do to prepare for this."
The general said command and control is an important part of Cybercom's cyber strategy. Combatant commands and service chiefs are looking at the command and control of working together, he said.
"We've done a lot of work on that, and have ironed out how the joint cyber centers at each combatant command will work with Cyber Command, how we push information back and forth, and how we'll have operational and direct support of teams operating in their areas," Alexander said. "We'll have more to do on this as the teams come online."
Another important part of the strategy is situational awareness, the general said, or seeing an attack unfold in cyberspace.
"Today, seeing that attack is almost impossible for the Defense Department," he said. "We would probably not see an attack on Wall Street -- it's going to be seen by the private sector first, and that [highlights] a key need for information sharing."
Such sharing has to be real-time from Internet service providers to the Defense Department, the Department of Homeland Security and the FBI, all at the same time, the general said.
"If we're going to see [an attack] in time to make a difference, we have to see it in real time," he said. And companies that are sharing the information with the Defense Department have to have protection against privacy lawsuits from customers and other potential liabilities, he added.
Legislation that would have provided some of these protections along with a national cybersecurity framework failed to pass the Senate in August, and in an Executive Order signed Feb. 12, President Barack Obama directed federal departments and agencies to use existing authorities to provide better cybersecurity for the nation.
"The Executive Order issued last month is a step in the right direction, but it does not take away the need for cyber legislation," Alexander said, pointing out that that civil liberties, oversight and compliance are critical for Cyber Command and NSA in operating in cyberspace.
"We take that requirement sincerely and to heart, ... [and] we can do both -- protect civil liberties and privacy and protect our nation in cyberspace," he said. "That's one of the things we need to educate the American people about."
Cyber Command experts also are building an operational picture the command would share with combatant commands, the DHS, the FBI and other national leaders, and the command also is working hard on authorities and policies related to DOD activities in cyberspace, Alexander said.
"This is a new area for many of our folks, especially within the administration, within Congress and for the American people," he acknowledged. "We're being cautious in ensuring that we're doing that exactly right and sharing the information we have with Congress."
No one actor, the general added, "is to blame for our current level of preparedness in cyberspace."
"We must address this as a team, sharing unique insights across government and with the private sector," he added. "We must leverage the nation's ingenuity through an exceptional cyber workforce and rapid technological innovation."
The U.S. government has made significant strides in defining cyber doctrine, organizing cyber capabilities and building cyber capacity, Alexander told the panel.
"We must do much more to sustain our momentum," he added, "in an environment where adversary capabilities continue to evolve as fast as or faster than our own."
Sunday, November 11, 2012
GOVERNMENT, INDUSTRY, ALLIES NEED TO WORK TOGETHER FOR CYBERSECURITY
GEN Keith B. Alexander United States Army |
Cybersecurity Involves Federal, Industry Partners, Allies
By Cheryl Pellerin
American Forces Press Service
WASHINGTON, Nov. 8, 2012 - The $110 billion-a-year cyber economy has never been more vulnerable to crime and other threats, and securing the Internet against attacks demands the expertise of government agencies, industry and allies, the commander of U.S. Cyber Command said here yesterday.
Army Gen. Keith B. Alexander, Cybercom chief and director of the National Security Agency, spoke before a large audience at the Symantec 2012 Government Symposium.
The symposium examines a fundamental question: How to protect sensitive information while enabling collaboration across jurisdictions, nations, citizens and the private sector?
"Government ... operations depend on the network. If we lose that network we can't communicate, [and] ... what happens when [adversaries] disrupt our network or the power grid or our banking institutions?" Alexander said, adding that the U.S. must work with its partners in industry and its allies to solve the problem.
"Many will ask about the roles of [the National Security Agency and Cybercom] in this, and how can we ensure civil liberties and privacy [as well as] the security of cyberspace? We can do both," he said.
One of the first things industry and government must decide is how to make sure all companies involved in U.S. critical infrastructure -- including financial and information services and the defense industrial base -- institute the highest possible levels of computer security.
"How many companies in the United States and among our allies are at this level?" Alexander asked.
"We actually do inspections," he added. "We inspect our government networks to see how many are at 100 percent. And the answer is, very few."
Companies in some sectors, like banking and the high end of the defense industrial base, are "right there at the top" of computer security, the general said.
"Then you go out to some companies that are being [attacked by adversaries in cyberspace] and they don't know what the threat looks like nor what they should do, and some of them are in critical infrastructure," he added.
Nobody wants to make such an effort hard, costly or bureaucratic, Alexander said.
"The question is how do we help them?" he said. "What's the right forum for government and industry to work together to help those companies get to the right level of security?"
Another imperative for government-industry collaboration involves gaps in computer security exploited by what are called "zero-day" attacks -- those that exploit vulnerabilities in computer applications.
Eventually, patches are created to plug the security holes, but not before adversaries have entered and damaged the network or stolen intellectual property.
Alexander used an analogy to explain how Cybercom or the NSA could help industry identify what the general called "bad packets," or those that carry destructive payloads out on the Internet.
"Internet service providers see packets out there. We want them to be able to see bad packets and do something about them. We'll have [an examination process] for every packet. And we'll say, 'Did you see a bad packet in the network? Tell us where it's coming from and going to, and stop it because [it's carrying] a destructive payload,'" the general explained.
"When they see that bad packet, we don't need to know what was in the communications," he added. "All we need to know is a dangerous packet went from point A to point B right now, and that we may need to act."
The federal government "is not looking at the traffic," Alexander said.
"Industry is looking at the traffic and they have to do that to own and operate these networks. We're going to help them with signatures and other things, and they need to tell us when they need our help. But it's got to be done in time for us to help, and that's part of the key issue."
At Cybercom, the general said, experts are training the cyber workforce of the future, determining roles and responsibilities of the federal agencies involved in cybersecurity and exploring a defensible architecture for the Defense Department.
"The DOD architecture, in my opinion, is not defensible per se. We're doing our best to defend it, but we've made this really hard," Alexander said. The department has 15,000 enclaves, each run by separate system administrators and each with its own firewalls, he added.
"What that means is we need to come up with a defensible architecture," the general said, adding that "a ... virtual cloud is key to our success for a couple of areas for the Defense Department," including for a growing number of mobile users.
Cybercom and other agencies are also working on issues related to their authority to respond to a problem, Alexander said.
The key question, he added, is what can the Department of Homeland Security, the FBI, Cybercom and the NSA do to defend the country against a cyberattack, and when can they do it?
Alexander said that he, DHS Secretary Janet Napolitano, and FBI Director Robert S. Mueller III "have laid out lanes in the road for the government entities."
The FBI is responsible for investigation, attribution and domestic problems. DHS is responsible, along with partners like NSA, the National Institute for Standards and Technology and the SANS Institute, for cybersecurity standards.
NSA and Cybercom have a couple of roles and responsibilities, Alexander said, including foreign intelligence.
"NSA has the best folks in the world," the general said. "They have special skills and we want to leverage those skills to help secure cyberspace for our country and for our allies."
Cybercom's role "is not only to operate and defend DOD networks but to defend the country," he said, noting Cybercom would step in if America came under cyberattack.
In the meantime, the general said, he's concerned that attacks like the destructive August attack on computers at Saudi Arabia's government-owned oil company Aramco are happening and "we're spending a lot of time talking about what we should do and when we should do it."
While there is still time, he said, "while you're all in the room together with us ... we ought to argue it out just like we did in the election [on Tuesday], come to a solution and then get going."
Subscribe to:
Posts (Atom)