Official: Gates still considering cyber command
A DOD cyber command would not be responsible for civilian agency networks
- By William Jackson, Doug Beizer
- Jun 15, 2009
Defense Secretary Robert Gates has not yet made a final decision about establishing a new major command in charge of cyber defense, Deputy Defense Secretary William Lynn said today.
crowd of several hundred government, industry and academic officials
gathered today at the Center for Strategic and International Studies
in Washington hoping to hear an announcement about the new command, which will
coordinate efforts across the services to defend the newly recognized
However, Lynn said that “as of today, Secretary [Robert] Gates
has not made a decision on this. The secretary is evaluating
proposals,” and the joint staff is still ironing out details of how the
organization will work and what the chain of command will be.
command is a recognition that cyberspace is a new theater of
operations, in addition to land, sea and air. It has been proposed as
part of the administration’s reworking of the government’s
The organization and duties of the new cyber
command have not been finalized, but Lynn was very clear today about what the command would not be.
“Such a command would not represent the militarization of cyberspace,” Lynn said.
will continue to focus on its .mil domain, while primary responsibility
for the civilian .gov domain will remain with the Department of Homeland Security, he said. The private sector will be responsible for the rest of the
country’s Internet infrastructure. He said DOD and the National
Security Agency (NSA0 would be available to lend their expertise in cyber
defense “in a way that upholds and respects our civil liberties.”
Lynn’s message was the same as that
of NSA Director Lt. Gen. Keith Alexander at an industry gathering
earlier this year, when he assured his audience that NSA had no desire
to take over the non-national security portion of the country’s
Some observers have expressed
skepticism that DOD and NSA, which not only have a great depth of
expertise in cyber defense but are developing offensive capabilities,
would take a back seat to DHS and industry in protecting the
interconnected online world.
Lynn said coordinating the
efforts of the different sectors and overseeing their cooperation would
be the job of the White House cyber coordinator, a position President
Barack Obama announced last month.
The president is in the process of
selecting the person who will fill that position, and some observers
expect an announcement by the end of this month.
command will be a unified subcommand of the U.S. Strategic Command. As
such it would not require legislation from Congress, but its commander
would require Senate approval, Lynn said.
He emphasized the
importance of networking to today’s DOD. “There is no exaggerating the
military’s dependence on our networks,” he said. “Our twenty-first century
military simply cannot function without them.”
The threat to
those networks is not emerging, he said. “It is here today. It is here
now. Our defense networks are constantly under attack.”
than 100 foreign intelligence operations are trying to breach DOD
networks, which are scanned millions of times a day. A number of
countries are developing offensive capabilities, and terrorist and
criminal organizations are also prying at the interfaces. In one of the
most serious incidents, thousands of computers were compromised last
year, and DOD banned the use of many removable memory devices in
Lynn said no lives have been lost to cyberattacks to
date, but the cost of defending networks is increasing. DOD spent $100
million in six months last year defending .mil networks. Due in part to
that constant pressure, the military has some of the best defensive
capabilities on its networks, and each service has its own operational
“The DOD will defend its networks,” Lynn said. “It will protect this domain. [But] we need to do better.”
is not producing the trained professionals it needs to defend its
networks. Only 80 information technology security specialists graduate
each year from its military academies. The proposed fiscal 2010 budget
includes funding that would more than triple that number to 250 per
year, Lynn said.
The military also must do a better job
of overall training in cybersecurity and end the competition between
commands for the limited manpower and resources now available in that
field, Lynn said.
The new cyber command will coordinate the
military services’ activities and establish the rules of engagement for
responding to cyberattacks. Creating those rules is complicated by the
fact that attacks in cyberspace can happen in a matter of milliseconds
rather than days or even minutes, and responses must occur as close to
real time as possible.
The effort is further complicated by
the difficulty in attributing the source and goal of attacks. Although
scans, probes and breaches sometimes can be tracked to computers in
other countries, Lynn said officials are not able to attribute those
incidents to a particular government or party, or say whether the
intent was military, political or criminal.
Although the cyber
command will restrict its activities to the .mil domain, Lynn stressed
the need for better cooperation among the military, civilian agencies,
the private sector and other countries.
William Jackson is a Maryland-based freelance writer.
Doug Beizer is a staff writer for Federal Computer Week.