By Amber Corrin
The Defense Department is gearing up to release an unclassified version of its first overarching strategy for cyberspace operations.
The official announcement of the Defense Strategy for Operating in Cyberspace will come the afternoon of July 14 from outgoing Deputy Secretary William Lynn, who will speak at the campus of the National Defense University in Washington. Lynn is expected to outline the strategy and answer press questions.
However, published reports indicate the public likely won’t be getting a meaty description of DOD operations in cyberspace. In the past, Lynn and other DOD officials have warned of the dangers of cyberattacks, but little has been said publicly about how the department defends against such attacks or how it runs offense against adversaries.
In the past, Lynn has spoken about the nascent cyber strategy. On the circuit at various conferences, he has acknowledged the lack of cohesive governance as a critical issue.
“Until recently, the military’s cyber effort was run by a loose confederation of joint task forces spread too far and too wide, both geographically and institutionally, to be fully effective,” he said in May 2010 at a U.S. Strategic Command Cyber Symposium in Omaha, Neb.
According to Stars and Stripes, at the RSA conference in San Francisco in February, Lynn said the DOD strategy will hinge on active defense systems, planning and coordination with the Homeland Security Department and a strong public-private partnership – comments that echo what Lynn has said at other speaking engagements.
Still, expect the bulk of the juicy details of DOD’s cyber arsenal to be absent from the unclassified release.
“The unclassified version, you will find, follows much of what was in the administration’s [international cyber strategy released in May],” Pentagon spokesman Col. Dave Lapan told reporters at the Pentagon July 11, per Stars and Stripes. “This isn’t about acts of war – this is about an overall cyber strategy, and how we defend ourselves against cyber threats.”
Even if it is a watered-down version that is released to the public, it sets the stage for discussions set to take place in coming days in Washington. The July 15 AFCEA Cybersecurity Summit will have several DOD officials on tap, discussing network security, the U.S. Cyber Command and related issues.
At 1105 Media’s upcoming FOSE conference July 19-21, several different aspects of cybersecurity will be discussed by an array of high-level government officials and industry insiders. 1105 Media is the parent company of Federal Computer Week and Defense Systems, which publish the Inside DOD blog.
Posted on Jul 13, 2011 at 12:14 PM3 comments
The trouble with cyberspace is that little is defined, many Defense Department officials say. There aren’t the maps of physical terrain that are used every day in military operations. As far as official word goes, a year after the establishment of the Cyber Command, policies and doctrine are still being worked out. Little is publicly known about what’s in America’s cyber arsenal — or about the policies that govern it.
What is clear: The DOD approach to cyberspace needs to be much different than traditional operations.
“We can’t dominate cyberspace — the buy-in for bad actors is too low. We should secure cyberspace in a way that makes it impossible for others to dominate,” said Army Col. Jeffery Schilling, chief of current operations at Army Cyber Command. Schilling, June 28 at the IDGA Cyber Warfare and Security Summit in Washington. Schilling stressed that his comments were strictly his own opinion and not representative of DOD.
Schilling said the imminent steps in making cyber defense progress include better definitions for the territory and operations.
“We need to draw a line around cyberspace before the U.S. can exercise governance,” Schilling said, noting that it needs to be determined what exactly to protect. “If you don’t know what’s inside the borders, how can you know what to protect?”
He added that hostile acts and intent — and assigned federal jurisdictions — still need definitions, too.
What’s unique about cyberspace and what makes things more complicated is some of the domain's key attributes: It’s a man-made global commons, and for the most part, it isn’t government owned or operated, Schilling pointed out.
Its borderless existence means there’s no distinction between inside and outside the lines. It’s a virtual environment with no dimensions. Traditional borders have depended on physical geographical boundaries and attributes, of which there are none in cyberspace.
Schilling suggested that cyberspace be treated as sovereign-less space, like the open sea or Antarctica. To address the critical issue of anonymity, he also suggested users and equipment have flags like ships do for identification purposes. This would require international policy and cooperation, he added.
The question is: How much of this is already under way at DOD, and how much of it still remains to even be considered?
Posted on Jun 29, 2011 at 12:14 PM3 comments
There have been many hours of talk about modernizing the Defense Department and optimizing its IT infrastructure – even Army CIO Lt. Gen. Susan Lawrence acknowledged
this in March.
“We talk a great talk, we really do,” she said. “Our hearts are in the right place. But change is hard.”
Is all the talk bogging down progress, or is it providing a chance for DOD to right the ship?
The planning process seems to be a big reason behind the slow trudge toward a DOD enterprise network, which is a primary goal for defense IT at the moment. Both DOD CIO Teri Takai and DOD Deputy CIO Rob Carey at separate events in April said immense effort is going into developing a framework to support the much-discussed and much-needed military enterprise infrastructure that would connect the services.
“We have to manage the [DOD] network as a living, breathing entity," Carey said at an AFCEA Nova event April 22 in Vienna, Va. He said processes and technology need to be put into place to make it simpler to get information on the network. But at the same time, he added, "we have to do everything in a cogent manner so we don't break anything."
The effort to date is encouraging, Carey said. But he noted that significant cultural change is still needed, and the department is still hammering out a funding model for joint and enterprise initiatives.
“We’re working with the components, services and agencies to continue to develop detailed technical specifications and implementation plans,” he said.
For now, Carey said his office remains focused on near-term actions for moving toward a departmentwide IT infrastructure for data center consolidation, network standardization and optimization, enterprise identity management, enterprise e-mail, and enterprise hardware and software procurement.
He said that all of the work being done is toward three main goals: effectiveness, efficiency and improved cybersecurity.
Carey also said the continuing budget woes have become a catalyst for change at DOD – an idea Takai appears to be putting to work.
According to Takai, the scarcity of funds is driving innovation in technology and policy-making that will improve financial standings. This is turn will put the right technologies and policies in place to help yield the desired budget savings, she said.
“It’s easy with the budget crisis and DOD challenges to say, ‘We’re going to make efficiencies and budget savings top priority’ ... but when you pursue [the right solutions], you save money,” Takai said April 21 at an Input event in Arlington, Va. “It’s sometimes easier to make hard decisions when budgets are shrinking, because you don’t have the luxury of letting everyone do everything they’ve always wanted to do.”
It will be interesting to see the fruits of DOD's continuing labors in development and budget wrangling. The question is, when will the public see concrete evidence?
Posted on Apr 25, 2011 at 12:14 PM3 comments