General Cites Cyber Domain Challenges

WASHINGTON, Oct. 19, 2011 — Space and cyber­space are grow­ing in strate­gic impor­tance as oth­er nations increase their capa­bil­i­ties, the chief of U.S. Strate­gic Com­mand told defense reporters here yes­ter­day.

A recent exam­ple of cyber threats fac­ing the Defense Depart­ment is a com­put­er virus that affect­ed a stand-alone ground con­trol sys­tem for the nation’s drone fleet based at Nevada’s Creech Air Force Base, accord­ing to Strat­com com­man­der Air Force Gen. C. Robert “Bob” Kehler.

The virus was not tar­get­ed at the drone fleet but entered “from the wild,” Kehler said, adding the pre­cise means of infec­tion is still under inves­ti­ga­tion.

Strat­com sys­tems detect­ed the virus, quar­an­tined it, and it had lit­tle to no impact on oper­a­tions, he not­ed.

Both acci­den­tal and tar­get­ed attacks on DOD net­works are on the rise, the gen­er­al said.

“The trend is that we see mul­ti­ple, delib­er­ate attempts to try to get into our net­works almost dai­ly,” he said.

Based at Offutt Air Force Base near Oma­ha, Neb., Strat­com serves as U.S. Cyber Command’s head­quar­ters, and also over­sees the nation’s mis­sile defense, and glob­al strike and space oper­a­tions, as well as com­bat­ing weapons of mass destruc­tion.

The Strat­com mis­sion set touch­es that of every oth­er com­bat­ant com­mand, Kehler said, not­ing that there are vital link­ages between mil­i­tary and com­mer­cial infor­ma­tion net­works in areas like trans­porta­tion and logis­tics.

“The Inter­net is most­ly in the com­mer­cial and civ­il domains … but we use it,” he said.

Per­fect defense of all net­works is prob­a­bly not achiev­able, but “mis­sion assur­ance is some­thing that we must achieve,” Kehler said.

The Defense Depart­ment has made great progress in cyber defense, but “some­times … the more you know, the worse you look,” he said.

In the past, some attacks may have gone unde­tect­ed, the gen­er­al explained, but defense offi­cials are “far more aware today of the things that are hap­pen­ing to us, and we are tak­ing strides to deal with the real­i­ties of oper­at­ing in cyber­space.”

Robust pro­tec­tions are in place on the “dot mil” domain and defense offi­cials have begun a pilot pro­gram that extends some of those safe­guards to defense indus­tries, he not­ed.

A fun­da­men­tal issue in cyber domain oper­a­tions is defin­ing what an attack is, and devel­op­ing a legal frame­work, doc­trine and rules of engage­ment for those oper­a­tions, Kehler said.

“In oth­er domains … rules of engage­ment are based on things like hos­tile intent,” he said. “Much of what we see on our net­works or at our bound­aries, at our fire­walls, I’m not sure you could describe as an attack.”

Cyber­space threats include preda­tors, van­dals and spies, not all of whom are attack­ers by nation­al secu­ri­ty terms, Kehler said.

He not­ed much of the hos­tile activ­i­ty on DOD’s net­works involves attempts to steal indus­tri­al or mil­i­tary secrets.

“The word ‘attack’ makes it sound as though peo­ple are try­ing to take our sys­tems down every day, and that’s not the case,” the gen­er­al said.

Attempts to exploit mil­i­tary infor­ma­tion or dis­rupt net­work activ­i­ties could evolve into destruc­tive attacks, Kehler said.

The Unit­ed States has a mil­i­tary edge in cyber­space, but oth­er nations pos­sess “very sophis­ti­cat­ed” capa­bil­i­ties in that domain, he said.

An impor­tant ques­tion being asked inside the Defense Depart­ment, Kehler said, is how to retain that edge as the glob­al pop­u­la­tion gets smarter in cyber­space.

“I think there’s a great ques­tion for us that goes all the way into our edu­ca­tion sys­tem [and] our uni­ver­si­ty sys­tem,” the gen­er­al said. “Can we, as a nation, pro­vide the where­with­al in the infor­ma­tion age to main­tain a nation­al secu­ri­ty advan­tage, like we did in the indus­tri­al age?”

“I don’t know that we quite have the answer yet,” he added.

U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs)