WASHINGTON, July 9, 2010 — Leaders of the new U.S. Cyber Command have a long to-do list in creating central oversight for the military’s computer networks, including synchronizing what the services already have in place, officials said yesterday.
Leaders still are working through the basic constructs for the command’s mission: What constitutes a “cyber attack?” When is law enforcement called? At what point does the Homeland Security Department take over? That’s according to military and federal civilian leaders who spoke at a cybersecurity symposium here sponsored by the Washington chapter of the Armed Forces Communications and Electronics Association.
“We have lots of decisions to make in the cyber domain,” Navy Vice Adm. Carl V. Mauney, deputy commander of U.S. Strategic Command, said. Cyber Command, which stood up in May, is a Stratcom subcommand.
The military’s rapidly growing dependence on network communications, and the risk associated with it, has pushed the issue well beyond information technology help desks, Mauney said.
“We can no longer approach this as an IT issue,” he said. “Our networks are the commanders’ business, just as they are a CEO’s business.
“We need to be prepared for our networks to continue to operate in the face of a computer network attack,” he added. “It’s not about hunkering down behind a firewall. It’s about the military being able to do the job they are called upon to do.”
Cyber Command’s requirements, Mauney said, are solid network awareness, a convergence of operations and policy, and a shared sense of national security objectives.
Air Force Maj. Gen. Suzanne “Zan” Vautrinot, Cybercom’s director of plans and policy, said command leaders must ensure that all cyber elements, including security, privacy and capacity, are accounted for. “It’s not a balance. It’s a synergy of all the things it brings together,” she said.
Vautrinot noted that “nobody here has one job.” Those who lead each of the services’ cyber operations are now “dual-hatted” to Cyber Command, she said.
Air Force Brig. Gen. Gregory L. Brundidge, deputy director of cyber for U.S. European Command, said it is critical for the services to “harmonize” their efforts. “The time we used to have to figure things out, we don’t have that in cyber warfare,” he said. “These are things that happen in seconds and not hours, days, weeks and months.”
In his first six months deployed to Iraq, Brundidge said, “we were fighting to get information because everyone was reporting up through their own services. If there is one lesson we’ve learned over the years, it’s that anything that brings our efforts closer together and harmonizes things is going to get us much farther along in our journey.
“What we’re all grappling with today is how … we bring all these things together that we have created in our own cocoons,” he said.
Marine Corps Maj. Gen. George J. Allen said centralization of cyber operations has been good for the Corps, but that regional help desks are being created to respond more quickly. Four service centers are operational, and four more are being built, he said.
“I can’t have a guy at [Marine Corps Base] Quantico [in Virginia] telling guys at [Camp] Lejeune [in North Carolina] what to do,” Allen said. “The help has to be on site. We need to respond much more rapidly.”
Maj. Gen. Paul F. Capasso, chief information officer of the Air Force, noted that cyber warfare has many moving parts and crosses many disciplines.
“We are making strides, but we’re not there yet,” he said. “We are in unchartered territory when it comes to cyber law, cyber policy and cyber doctrine.”
As an example, Capasso said, “I don’t think you’ll find one agreed-upon definition of cyber warfare. Those basic definitions and key constructs are something we’re working very hard on.”
As for maintaining security, Mauney said, that means ensuring every computer user follows “good network hygiene.”
“This is about setting people to high standards, and maintaining those standards,” Mauney said. Like hand washing, he said, “it should be second nature to everyone operating on the net.”
Allen said his biggest concern in cyber is educating all users about risks. Young people who have grown up with the Internet sometimes aren’t cautious enough, such as some Marines who have posted their deployment dates on Facebook, he said.
“Our biggest problem is … the digital natives who are very comfortable with YouTube and other things who don’t understand the threats behind it,” Allen said. “That’s not their fault — that’s our fault. It’s a matter of educating them.”
Even after Cyber Command is fully operational, Mauney said, its staff will need to be flexible to change. “As the security environment changes – and we know it will – we’ll have to change how we do business,” he said.
U.S. Department of Defense
Office of the Assistant Secretary of Defense (Public Affairs)