Close this Advertisement

What is your e-mail address?
My e-mail address is:

Do you have a password?
Forgot your password? Click here
close

EmbedEmbed

Cyber command in urgent need of strategy, military leaders say

Military leaders expect new command to articulate its strategy soon

Military leaders from the Army, Navy, Air Force and Marine Corps expect the Defense Department’s new unified Cyber Command to rationalize military cybersecurity efforts.

However, at the same time, the increasing complexity of cyberspace and ongoing workforce issues remain pressing challenges, adding urgency, they said, for the new command to articulate its strategy soon.

“We made conscious decision a year ago, knowing Cybercomm was coming, to [ensure the Army’s] direction was in sync with expected plans — and wait for the guidance,” said Maj. Gen. Gregory Schumacher, the Army's assistant deputy chief of staff.

“Now that [the Cyber Command] is here, my sense is now is the right time to move forward,” Schumacher added. But he cautioned it will be important to “get guidance from Cyber Command” soon, in terms of “what are the definitions, what are the forces and the structure, and not get ahead of that and create more confusion.”

Schumacher, speaking at a cybersecurity conference held in Washington by the D.C. chapter of the Armed Forces Communications and Electronics Association June 25, noted that cyberspace has become a complex operating environment that requires increasingly sophisticated skills.

He described the environment as one with many layers — beginning at the individual level and moving through the cyber-persona layer, the network layer, a physical layer, and a geographic layer. It’s further complicated by the fact that a single site can be accessed by multiple users; or one individual can have multiple domains.

“We see cyber cuts across geographic domains, and raises the question of what kind of forces do we preset,” he said.

At the same time, it’s important to recognize that changes in the military’s network defenses can give away important operating clues to U.S. adversaries, said Maj. Gen. David Senty, acting vice commander, Air Force Cyberspace Command (Provisional), and commander, Air Force Network Operations, Barksdale Air Force Base.

“Network operations today [need to be] approached differently,” Senthy said. “When we make a network change, what are we telling our adversaries? And what might they conclude we’re changing? Everything we do, I want to know what fingerprints we’ve left,” he said.

Sentry, along with U.S. Navy Rear Adm. (Select) Sean Filipowski, raised the need to improve the cyber skills of the military’s workforce.

“We have two skills sets we’re looking for — expeditionary combat skills and cyber skills,” Sentry said. “It’s a jump ball whether we combine them, or they will remain separate.”

“We consider every sailor who touches a computer is a cyber-warfare (specialist),” said Filipowski, director, Computer Network Operations of the Naval Network Warfare Command.

“We need to have instantaneous visibility into our networks and a common operational picture,” he added.

“What keeps me up at night,” said Ray Letteer, representing the U.S. Marine Corps, “are poor browser and SQL database configurations.” he said. “My blue teams that do operational tests keep finding issues,” he said, pointing to peer-to-peer operating systems, people failing to follow policies, and the reliance on passwords as some of the many ways systems are easily breached.

“Phishing is becoming more sophisticated,” said Letteer, who heads the Marine Corps’ Information Assurance Division in the Office of the Director, C4/DON Deputy Chief Information Officer.

“But I’m really concerned with this rush to social networking,” he said. “I’m not convinced of it yet. I know how easy it is to gather information. We appreciate its importance for recruiting, but on the operational end, it has many risks,” he warned.

Letteer also argued that the use of advanced auditing tools as a means of defending military networks was little more than “perfume on a pig.”

“The implementation of cyber security is more than tools and boxes. The tools are useless without the people. Try as we might, we are all going to be subject to a user error in judgment,” he said. “That’s were accountability comes in. We have to be more comfortable to apply punishments with recalcitrant individuals who ignore the concerns and become a risk to my network,” he said.

Defining the skills and requirements to combat cyber threats will be an important first step for the new Cybercom, said Schumacher, even before the command tackles how to deal with reported shortages in cyber security experts.

Cyber Command will need to “articulate and define the skill sets--including some joint skill sets,” he said. “But they need to articulate specific mission skill sets as well, before we determine how many of what we need,” he said. What is actually required “is still fuzzy,” he said.

The panel's moderator, Lt. Gen. Harry Raduege (retired), co-chair of the CSIS Commission on Cybersecurity for the 44th Presidency, and chairman, Deloitte Center for Network Innovation, noted that the commission has been asked to prepare a Phase 2 plan for President Barack Obama’s Cyber Security Policy initiative, announced May 29.

About the Author

Wyatt Kash served as chief editor of GCN (October 2004 to August 2010) and also of Defense Systems (January 2009 to August 2010). He currently serves as Content Director and Editor at Large of 1105 Media.

Related Articles

Reader comments

Thu, Jul 2, 2009 Bolding cyberspace

An "urgent need for stategy" is an under statement of the problem facing the DoD in their rush to create a "Command" to solve the "problem" they have all been told exists. One must assume such a Command will operate in Cyberspace, which is a form of virtual reality. A lot of "bad" things happen in this space; such as Web Vandalism, Cyber Espionage, Distributed Denial of Service, vulnerabilities/weaknesses in connections to critical infrastructures, even domestic and foreign nuisance hackers exposing our lack of security, especially in DoD/Military networks. Now which of these "bad" things are we going to conduct Warfare against (using our Military Forces)? History wise; in 1992 the C3I of the DoD/Pentagon wrote a directive on, what was then called, Information Warfare (IW). NSA had no part of it and probably officially said, it was not their business. However because of a DCI/CHJCS meeting at the NDU in early 1996, NSA was charged to create an IW Technology Center. This was an important period of time for those "involved" in cyberspace. On the DoD side STRATCOM leaders got involved. The CINC saw that "cyber related" offensive actions, would require approvals very similar to Nuclear approvals and STRATCOM had and understood those proceedures. Some of the STRATCOM questions (at the time) were, do we need a new military career field? The answer was, No! we had it already, it is called a cyptologist and they work at NSA. The critical element in alll discussions was NSA technology and expertise. Then the "real" problems arose (real in the minds of those who want to keep control). Title 10 verses Title 50; DCI intelligence requirements verses DoD military target requirements; all tied to who pays for what. Following the "golden rule" - He who has the gold, "rules". It eventual settled in the creation of a JTF NW at NSA. There was obviously a lot more "tension" invloved,
and the JTF never got the needed military "forces" (those that were under the CSS). But during all of this; the subject of "information Assurrance" now fondly called "cyber security" never came up because it has nothing to do with the subject of Warfare/Covert Action in Cyberspace. There are two "truths" in all of this (obviously, from my stand point) one -The DoD has a major communication/information/cyber security problem that causes the need for a new Command; an information/communications/cyber Command for the protection and security of DoD IT systems; two- NSA has an IA part of their organization(the code makers) that can support that DoD need, as they always have. But the DoD Cyber security problem has nothing to do with the history of NSA/STRATCOM and the potential for offensive action, by the US, in Cyberspace. There is a reason that C3 and I was separated in the Pentagon! Therefore, the "new" Command, as is presently being discussed, has little to no chance for a coherent strategy!








Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Related Webcasts

Related White Papers

Related Podcasts

Related Resources

Editorial Webcasts

  • Desktop Virtualization: Better Management with Smaller Budgets Register Now

    This webcast will explore the benefits of desktop virtualization, and how the innovative technology can help agencies lower the cost of their IT infrastructure, improve end-user performance, while enabling a mobile workforce. A government expert will share real-life case studies of leveraging desktop virtualization solutions to enable secure telework policies, organization-wide IT infrastructure standards and extend the life of current hardware assets - Register Now!! Read more

More Editorial Webcasts

Federal Computer Week eNewsletters

  • Subscribe to Newsletters Subscribe

    Federal Computer Week's eNewsletters deliver the latest policy and management news to your inbox.