USA — Lynn Notes Cyber Command’s Significance

WASHINGTON — Deputy Defense Sec­re­tary William J. Lynn III called the estab­lish­ment of U.S. Cyber Com­mand at Fort Meade, Md., today a mile­stone in the Unit­ed States being able to con­duct full-spec­trum oper­a­tions in a new domain.

Lynn spoke to reporters in his office before attend­ing the stand-up of the com­mand. Dur­ing the cer­e­mo­ny, Army Gen. Kei­th Alexan­der, Cyber Command’s top offi­cer, pinned on his fourth star and uncased the col­ors of the new com­mand.

The com­mand is the lat­est in a series of steps that will bet­ter pro­tect mil­i­tary net­works, Lynn said, as it com­bines a con­fed­er­a­tion of task forces into a for­mal sub-uni­fied com­mand.

Cyber Com­mand will report to U.S. Strate­gic Com­mand based at Offutt Air Force Base, Neb. Lynn has led the effort to stand up the com­mand since Defense Sec­re­tary Robert M. Gates direct­ed its estab­lish­ment almost a year ago.

The new com­mand will cen­tral­ize cyber­space oper­a­tions. The cyber domain, Lynn said, is as impor­tant as the land, sea, air and space domains to the U.S. mil­i­tary, and pro­tect­ing mil­i­tary net­works is cru­cial to the Defense Department’s suc­cess on the bat­tle­field.

The U.S. mil­i­tary is more depen­dent than any oth­er mil­i­tary on infor­ma­tion tech­nol­o­gy, and that is a major rea­son why the U.S. mil­i­tary is the best in the world, Lynn said. The mil­i­tary must be able to pro­tect its com­put­er net­works and must ensure free­dom of move­ment in the domain to be able to oper­ate on net­works around the world, he added.

“We want to be able to main­tain those advan­tages and pro­tect the mil­i­tary mis­sions, and that is the main mis­sion of Cyber Com­mand – it is to pro­tect the mil­i­tary net­works,” the deputy sec­re­tary said. “It will have a role, though, in pro­tect­ing the government’s net­works and crit­i­cal infra­struc­ture.”

Cyber Com­mand draws exist­ing cyber capa­bil­i­ties and places them under one orga­ni­za­tion­al struc­ture, Lynn said. And with a four-star gen­er­al in com­mand, he not­ed, Cyber Com­mand can deal with the com­bat­ant com­mands on an equal basis.

“It will be the place where the Depart­ment of Home­land Secu­ri­ty will come to on cyber­se­cu­ri­ty mat­ters,” Lynn said. “And it will help ratio­nal­ize the inter­a­gency process.”

About 1,000 peo­ple will work at Cyber Com­mand at Fort Meade, most shift­ing over from exist­ing task forces. The ser­vices will pro­vide their cyber orga­ni­za­tions: Army Forces Cyber Com­mand, the 24th Air Force, the 10th Fleet and Marine Forces Cyber Com­mand.

How the com­mand will imple­ment poli­cies remains to be seen, Lynn said, because cyber capa­bil­i­ties have out­paced pol­i­cy. How­ev­er, “sub­stan­tial progress” has been made in cer­tain areas, he said.

Today marks the command’s attain­ment of ini­tial oper­a­tions capa­bil­i­ty. Full capa­bil­i­ty is set for Oct. 1. “That did­n’t hap­pen in iso­la­tion – we’ve been train­ing peo­ple up, we’ve had task forces, we’ve made invest­ments – this is sort of a cap­ping step,” Lynn said.

The Defense Depart­ment has made sub­stan­tial progress in work­ing with defense indus­tries, Lynn said. Offi­cials want­ed to share con­cerns about the cyber threat and best prac­tices, but there were legit­i­mate con­cerns about pro­tect­ing pro­pri­etary infor­ma­tion.

“I think we’ve worked through a lot of that,” Lynn said. “We’ve been able to work with the indus­try and share infor­ma­tion about the threats and show them what we think is com­ing at them. I think we will be able to build fur­ther on that.”

The depart­ment also has made progress inter­na­tion­al­ly. Lynn trav­eled to Great Britain and Aus­tralia to begin that process, and will trav­el to Cana­da to con­tin­ue the out­reach. This entails shared warn­ing and shared tech­nolo­gies, and Cyber Com­mand will be part of the out­reach, he said.

Lynn acknowl­edged that more progress is need­ed on the many legal issues relat­ed to cyber­se­cu­ri­ty. A U.S. inter­a­gency team is look­ing at the laws of war and the appli­ca­tion to the cyber domain. What is an attack in the cyber world? How does a nation respond to an attack? What does sov­er­eign­ty mean in regard to the Inter­net?

“We’re in the midst of a series of meet­ings the White House is lead­ing to work through a lot of those legal issues,” Lynn said. “We’ve made progress orga­ni­za­tion­al­ly, indus­tri­al­ly and inter­na­tion­al­ly, but the legal regime in par­tic­u­lar is an area we need to tack­le fur­ther.”

And the threat con­tin­ues to grow, he said.

“The first thing you say about this threat is that it’s asym­met­ric,” Lynn said. “It does­n’t take the resources of a nation state to launch cyber war. Nations still have the best capa­bil­i­ties, but you can do very threat­en­ing and dam­ag­ing things with mod­est invest­ments.

“Our abil­i­ty to pre­dict where the threats are com­ing [from], even in con­ven­tion­al threats, is remark­ably poor,” he con­tin­ued. “We did­n’t see Desert Storm com­ing. We did­n’t see the series of events that led to Afghanistan. Fore­see­ing the threats in cyber­space is hard­er. With Cyber Com­mand, I think we need to be pre­pared for the unex­pect­ed.”

U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs)