By Cheryl Pellerin
American Forces Press Service
WASHINGTON, March 14, 2013 – A transformation is under way in the Defense Department’s understanding and treatment of cyber requirements in everything from communication networks to military operations in cyberspace, DOD officials told a House panel here yesterday.
Teresa M. Takai, DOD’s chief information officer, Army Gen. Keith B. Alexander, commander of U.S. Cyber Command and director of the National Security Agency, and others testified before the House Armed Services Subcommittee on Intelligence, Emerging Threats and Capabilities.
Beginning with information technology investments that support mission-critical operations in DOD offices, in combat zones and around the world, Takai said the department is undertaking an ambitious effort to restructure how its many IT networks are constructed, operated and defended.
DOD operates in more than 6,000 locations around the world. Its IT services have 3.7 million users and support the needs and missions of three military departments and more than 40 defense agencies and field activities.
“In contrast to today's network, in which each military department differs in its approach to and design of cyber defense,” Takai told legislators, “ … the department is aligning its IT networks into a Joint Information Environment [to restructure] our networks … our computer centers, our computing networks and cyber defenses to provide a single joint cyber security approach that is common across the classified, secret and coalition networks.”
JIE will change the way DOD assembles, configures and uses new and legacy information technologies. Its enterprise-level network operations centers will reduce the complexity and ambiguity of controlling numerous networks, Takai said in her written testimony.
A single-security architecture will reduce the number of organizationally owned firewalls and unique routing algorithms, and will make information routing more efficient, she added.
DOD has refined the JIE concept, Takai told the panel.
“We've concluded that we can achieve all the department's cyber security goals,” she said, “But, just as importantly, still have better joint warfighting decision support, better operational and acquisition agility and … better efficiencies.”
Other ongoing efforts include deployment and use of cyber security identity credentials for users of DOD’s secret network, continuous network monitoring for vulnerabilities, implementing policies supportive of DOD efforts to minimize risk from supply chain vulnerabilities, and establishing voluntary cyber information-sharing efforts with the defense industrial base.
“We have a new focus on the development of secure communications for presidential and senior leader communications, nuclear command and control, and continuity of government,” Takai said, “[and] we're working with other federal agencies to ensure that we have the ability to communicate at all times.”
Takai’s office is working to ensure that the department's position, navigation and timing infrastructure is robust, the CIO added, and her office recently issued the DOD commercial mobile device strategy and implementation plan that allows DOD personnel to use commercial mobile devices in classified and unclassified environments.
In his testimony to the panel, Alexander highlighted five Cybercom priority areas, including building and training a ready workforce, establishing command and control and doctrine for operating in cyberspace and determining how Cybercom works with the combatant commands.
Other priorities, he said, are developing situational awareness in cyberspace, implementing a defensible architecture for DOD through the Joint Information Environment, and establishing the necessary authorities, policies and standing rules of engagement to operate in cyberspace.
“We’re working with the Defense Department, the White House and the interagency,” Alexander said, “to set up standing rules of engagement -- what I'll call the way in which we would actually execute” in response to a cyberattack on critical infrastructure, for example, from a foreign adversary on the United States.
“Right now, those decisions would rest with the president and the [defense] secretary,” the general explained. “And they would tell us to execute … think of this as missile defense, but missiles in real-time.”
Alexander said he thinks it’s reasonable “that when our nation is under attack, whether it's physical attack or cyberattack, the Defense Department will do its part to defend the country.”
The issue, he said, “is when does an exploit become an attack and when does an attack become something that we respond to?”
The general called the determination of cyber rules of engagement a learning process, “that changes fundamentally the way we've defended the nation from a kinetic perspective, to how we're going to have to defend the nations from a cyber perspective.”
Critical to Cybercom’s ability to defend the nation are both cyber cadre the command is developing with the help of the services, and a critical partnership with industry, Alexander said.
In his written testimony, Alexander said a Cyber National Mission Force and teams will help defend the nation against national-level threats, a Cyber Combat Mission Force and teams will be assigned to the operational control of individual combatant commanders, and a Cyber Protection Force and teams will help operate and defend DOD’s information environment.
A fourth set of direct support teams will provide analytic support, he added.
Each cyber mission team is being trained to a common and strict operating standard, he added, so they can be online without putting at risk the nation’s own military, diplomatic, or intelligence interests.
The second critical need for Cybercom is a partnership with industry. Protections for Internet service providers and other companies that are willing to work with the government to help detect and stop cyberattacks were spelled out in cyber legislation that failed to pass the Senate last year.
“We cannot see attacks going against Wall Street today,” Alexander said. “Somebody has to tell us, and if we're going to be able to react to it in time to have favorable results, we need to know that at network speed so that we can react at network speed.”
That partnership “is where the legislation is going to be important,” Alexander said.