USA — Cyber Command Synchronizes Services’ Efforts

WASHINGTON, July 9, 2010 — Lead­ers of the new U.S. Cyber Com­mand have a long to-do list in cre­at­ing cen­tral over­sight for the military’s com­put­er net­works, includ­ing syn­chro­niz­ing what the ser­vices already have in place, offi­cials said yes­ter­day.

Lead­ers still are work­ing through the basic con­structs for the command’s mis­sion: What con­sti­tutes a “cyber attack?” When is law enforce­ment called? At what point does the Home­land Secu­ri­ty Depart­ment take over? That’s accord­ing to mil­i­tary and fed­er­al civil­ian lead­ers who spoke at a cyber­se­cu­ri­ty sym­po­sium here spon­sored by the Wash­ing­ton chap­ter of the Armed Forces Com­mu­ni­ca­tions and Elec­tron­ics Asso­ci­a­tion.

“We have lots of deci­sions to make in the cyber domain,” Navy Vice Adm. Carl V. Mauney, deputy com­man­der of U.S. Strate­gic Com­mand, said. Cyber Com­mand, which stood up in May, is a Strat­com sub­com­mand.

The military’s rapid­ly grow­ing depen­dence on net­work com­mu­ni­ca­tions, and the risk asso­ci­at­ed with it, has pushed the issue well beyond infor­ma­tion tech­nol­o­gy help desks, Mauney said.

“We can no longer approach this as an IT issue,” he said. “Our net­works are the com­man­ders’ busi­ness, just as they are a CEO’s busi­ness.

“We need to be pre­pared for our net­works to con­tin­ue to oper­ate in the face of a com­put­er net­work attack,” he added. “It’s not about hun­ker­ing down behind a fire­wall. It’s about the mil­i­tary being able to do the job they are called upon to do.”

Cyber Command’s require­ments, Mauney said, are sol­id net­work aware­ness, a con­ver­gence of oper­a­tions and pol­i­cy, and a shared sense of nation­al secu­ri­ty objec­tives.

Air Force Maj. Gen. Suzanne “Zan” Vautrinot, Cybercom’s direc­tor of plans and pol­i­cy, said com­mand lead­ers must ensure that all cyber ele­ments — includ­ing secu­ri­ty, pri­va­cy and capac­i­ty – are account­ed for. “It’s not a bal­ance. It’s a syn­er­gy of all the things it brings togeth­er,” she said.

Vautrinot not­ed that “nobody here has one job.” Those who lead each of the ser­vices’ cyber oper­a­tions are now “dual-hat­ted” to Cyber Com­mand, she said.

Air Force Brig. Gen. Gre­go­ry L. Brun­didge, deputy direc­tor of cyber for U.S. Euro­pean Com­mand, said it is crit­i­cal for the ser­vices to “har­mo­nize” their efforts. “The time we used to have to fig­ure things out, we don’t have that in cyber war­fare,” he said. “These are things that hap­pen in sec­onds and not hours, days, weeks and months.”

In his first six months deployed to Iraq, Brun­didge said, “we were fight­ing to get infor­ma­tion because every­one was report­ing up through their own ser­vices. If there is one les­son we’ve learned over the years, it’s that any­thing that brings our efforts clos­er togeth­er and har­mo­nizes things is going to get us much far­ther along in our jour­ney.

“What we’re all grap­pling with today is how … we bring all these things togeth­er that we have cre­at­ed in our own cocoons,” he said.

Marine Corps Maj. Gen. George J. Allen said cen­tral­iza­tion of cyber oper­a­tions has been good for the Corps, but that region­al help desks are being cre­at­ed to respond more quick­ly. Four ser­vice cen­ters are oper­a­tional, and four more are being built, he said.

“I can’t have a guy at [Marine Corps Base] Quan­ti­co [in Vir­ginia] telling guys at [Camp] Leje­une [in North Car­oli­na] what to do,” Allen said. “The help has to be on site. We need to respond much more rapid­ly.”

Maj. Gen. Paul F. Capas­so, chief infor­ma­tion offi­cer of the Air Force, not­ed that cyber war­fare has many mov­ing parts and cross­es many dis­ci­plines.

“We are mak­ing strides, but we’re not there yet,” he said. “We are in unchar­tered ter­ri­to­ry when comes to cyber law, cyber pol­i­cy and cyber doc­trine.”

As an exam­ple, Capas­so said, “I don’t think you’ll find one agreed-upon def­i­n­i­tion of cyber war­fare. Those basic def­i­n­i­tions and key con­structs are some­thing we’re work­ing very hard on.”

As for main­tain­ing secu­ri­ty, Mauney said, that means ensur­ing every com­put­er user fol­lows “good net­work hygiene.”

“This is about set­ting peo­ple to high stan­dards, and main­tain­ing those stan­dards,” Mauney said. Like hand wash­ing, he said, “it should be sec­ond nature to every­one oper­at­ing on the net.”

Allen said his biggest con­cern in cyber is edu­cat­ing all users about risks. Young peo­ple who have grown up with the Inter­net some­times aren’t cau­tious enough, such as some Marines who have post­ed their deploy­ment dates on Face­book, he said.

“Our biggest prob­lem is … the dig­i­tal natives who are very com­fort­able with YouTube and oth­er things who don’t under­stand the threats behind it,” Allen said. “That’s not their fault — that’s our fault. It’s a mat­ter of edu­cat­ing them.”

Even after Cyber Com­mand is ful­ly oper­a­tional, Mauney said, its staff will need to be flex­i­ble to change. “As the secu­ri­ty envi­ron­ment changes – and we know it will – we’ll have to change how we do busi­ness,” he said.

U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs)