DOD Reviews Cyberspace Rules of Engagement

WASHINGTON, March 20, 2012 — Whether by land, sea or air, Defense Depart­ment lead­ers have long craft­ed rules of engage­ment to deter­mine how, where and when they can attack the ene­my. They expect soon to com­plete the same for their newest domain: cyber­space, the assis­tant sec­re­tary of defense for glob­al strate­gic affairs said today.

“We are work­ing close­ly with the Joint Staff on the imple­men­ta­tion of a tran­si­tion­al com­mand-and-con­trol mod­el for cyber­space oper­a­tions” while review­ing exist­ing rules of engage­ment, Made­lyn R. Cree­don told the House Armed Ser­vices Committee’s sub­com­mit­tee on emerg­ing threats and capa­bil­i­ties.

Tere­sa M. Takai, DOD’s chief infor­ma­tion offi­cer, and Army Gen. Kei­th Alexan­der, com­man­der of U.S. Cyber Com­mand, joined Cree­don at the hear­ing.

“This inter­im frame­work,” Cree­don told the pan­el, “will stan­dard­ize exist­ing orga­ni­za­tion­al struc­tures and com­mand rela­tion­ships across the depart­ment for the appli­ca­tion of the full spec­trum of cyber­space capa­bil­i­ties.”

Describ­ing DOD’s strate­gies for oper­at­ing in cyber­space, Cree­don said the depart­ment main­tains more than 15,000 net­work enclaves and 7 mil­lion com­put­ing devices in instal­la­tions around the globe.

DOD con­tin­ues to devel­op effec­tive strate­gies for ensur­ing the Unit­ed States is pre­pared for all cyber con­tin­gen­cies along the entire spec­trum,” she added, “from peace to cri­sis to war.”

In times of fis­cal con­straint, Cree­don said, DOD also is tak­ing advan­tage of effi­cien­cies pro­vid­ed by infor­ma­tion tech­nol­o­gy advances.

“The depart­ment has been work­ing around the clock, often in close coop­er­a­tion with the Depart­ment of Home­land Secu­ri­ty and oth­er agen­cies,” she said, to pro­tect the nation from cyber threats that include the theft of intel­lec­tu­al prop­er­ty, as well as dam­age to the defense indus­tri­al base, the econ­o­my and nation­al secu­ri­ty.

The depart­ment hit a “sig­nif­i­cant mile­stone” last July with the release of its first strat­e­gy for oper­at­ing in cyber­space, Cree­don said. The doc­u­ment builds on Pres­i­dent Barack Obama’s Inter­na­tion­al Strat­e­gy for Cyber­space and the DOD Qua­dren­ni­al Defense Review, and guides the department’s mil­i­tary, busi­ness and intel­li­gence activ­i­ties in cyber­space in sup­port of nation­al inter­ests, she said.

The DOD works close­ly with col­leagues in the depart­ments of Home­land Secu­ri­ty, Jus­tice, State, Trea­sury, Com­merce and oth­er agen­cies, she added, and pur­sues bilat­er­al and mul­ti­lat­er­al engage­ments to enhance secu­ri­ty and devel­op norms of behav­ior in cyber­space.

Takai told the pan­el that DOD’s $37 bil­lion infor­ma­tion tech­nol­o­gy bud­get request for fis­cal year 2013 includes a range of IT invest­ments, includ­ing $3.4 bil­lion for cyber secu­ri­ty efforts to pro­tect infor­ma­tion, infor­ma­tion sys­tems and net­works against known cyber vul­ner­a­bil­i­ties.

It also includes $182 mil­lion for Cyber Com­mand for cyber net­work defense, cryp­to­graph­ic sys­tems, com­mu­ni­ca­tions secu­ri­ty, net­work resilien­cy, work­force devel­op­ment, and devel­op­ment of cyber secu­ri­ty stan­dards and tech­nolo­gies depart­ment-wide.

Among efforts to improve effec­tive­ness and effi­cien­cy, Takai explained, “is con­sol­i­da­tion of the department’s IT infra­struc­ture, net­works, com­put­ing ser­vices, data cen­ters, appli­ca­tion and data ser­vices, while simul­ta­ne­ous­ly improv­ing the abil­i­ty to defend that infra­struc­ture against grow­ing cyber threats.”

Her office is lead­ing the imple­men­ta­tion of the ini­tia­tives, the chief infor­ma­tion offi­cer added, “but it is impor­tant that we work close­ly with the ser­vices, Joint Staff and U.S. Cyber Com­mand to more aggres­sive­ly mod­ern­ize our over­all infor­ma­tion sys­tems.”

A pil­lar of that mod­ern­iza­tion is a move to a sin­gle, joint net­work archi­tec­ture, Takai said, allow­ing DOD and Cyber Com­mand bet­ter vis­i­bil­i­ty into net­work activ­i­ty and bet­ter defense against cyber attacks.

Indi­vid­u­al­ly, she said, the ser­vices and agen­cies have tak­en action to bet­ter posi­tion the infor­ma­tion enter­prise and secu­ri­ty pos­ture.

The depart­ment has made sig­nif­i­cant progress in sev­er­al areas, Takai said. One effort involved deploy­ing a mod­u­lar sys­tem called a host-based secu­ri­ty sys­tem that enhances sit­u­a­tion­al aware­ness of the net­work and improves the abil­i­ty to detect, diag­nose and react to cyber intru­sions.

“We’ve also tak­en the lead in assess­ing the risk of the glob­al sup­ply chain to our crit­i­cal infor­ma­tion and com­mu­ni­ca­tions tech­nol­o­gy,” Takai added, and has insti­tut­ed a suc­cess­ful defense indus­tri­al base cyber secu­ri­ty and infor­ma­tion assur­ance pro­gram.

Alexan­der said cyber defense requires con­tri­bu­tions not only from DOD, but from Home­land Secu­ri­ty, the FBI, and the Defense Infor­ma­tion Sys­tems Agency — “all key part­ners in help­ing us do our cyber mis­sion.”

Cyber space is becom­ing more dan­ger­ous, he added.

“The intel­li­gence community’s world­wide threat brief to Con­gress in Jan­u­ary raised cyber threats to just behind ter­ror­ism and [nuclear] pro­lif­er­a­tion in its list of the biggest chal­lenges fac­ing the nation.”

The task of assur­ing cyber­space access, the gen­er­al said, “has drawn the atten­tion of our nation’s most senior lead­ers over the last year and their deci­sions have helped to clar­i­fy what we can and must do about devel­op­ments that great­ly con­cern us.”

Cyber Com­mand is specif­i­cal­ly charged with direct­ing the secu­ri­ty, oper­a­tion and defense of DOD’s infor­ma­tion sys­tems, he added, “but our work and actions are affect­ed by threats well out­side DOD net­works … threats the nation can­not afford to ignore.”

Dan­gers are not some­thing new in cyber­space.

“Nation-state actors in cyber­space are rid­ing a tide of crim­i­nal­i­ty,” the gen­er­al said. “Sev­er­al nations have turned their resources and pow­er against us and for­eign busi­ness­es and enter­pris­es, even those that man­age crit­i­cal infra­struc­ture in this coun­try, and oth­ers.”

For the pan­el, Alexan­der described five key areas Cyber Com­mand is work­ing on:

— Build­ing the enter­prise and train­ing the force;

–Devel­op­ing a defen­si­ble archi­tec­ture;

–Get­ting author­i­ties need­ed to oper­ate in cyber­space;

–Set­ting the team­work prop­er­ly across U.S. gov­ern­ment agen­cies; and

–Cre­at­ing a con­cept of oper­a­tions for oper­at­ing in cyber­space.

“I think we’re mak­ing progress,” Alexan­der said, “but … the risks that face our coun­try are grow­ing faster than our progress and we have to work hard on that.”

Source:
U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs)

Team GlobDef

Team GlobDef

Seit 2001 ist GlobalDefence.net im Internet unterwegs, um mit eigenen Analysen, interessanten Kooperationen und umfassenden Informationen für einen spannenden Überblick der Weltlage zu sorgen. GlobalDefenc.net war dabei die erste deutschsprachige Internetseite, die mit dem Schwerpunkt Sicherheitspolitik außerhalb von Hochschulen oder Instituten aufgetreten ist.

Alle Beiträge ansehen von Team GlobDef →