By Cheryl Pellerin
American Forces Press Service
WASHINGTON, July 1, 2013 – The Defense Department released its first strategy for operating in cyberspace two years ago this month, and officials are at work on the next version, the senior military advisor for cyber to the undersecretary of defense for policy said in Baltimore last week.
“Senior leaders in the department and beyond the department understand that cyber is a problem [and] cyber is important. They’ve made cyber a priority, and there is a sense of urgency,” the general said.
The strategy’s five initiatives were to treat cyberspace as an operational domain, use new defense operating concepts to protect Defense Department networks, partner with other federal agencies and the private sector for a whole-of-government approach, partner with international allies for a global approach, and leverage the nation’s ingenuity through an exceptional cyber workforce and technological innovation.
The department’s method for implementing the strategy is called the cyber initiative group, the general said. “It’s a process that includes engagement at all levels, from the action-officer level all the way to senior defense leadership,” he explained.
A great deal of work remains, he added, “but we have made some really good progress in a number of areas under each of these strategy components.” The process has been difficult and complex, he added, which reflects the complex interrelationships involved in the cyberspace arena.
Over the past two years, Davis said, the department has made progress in several areas. For example, he told the audience, DOD has:
-- Established service cyber components under U.S. Cyber Command;
-- Established joint cyber centers at each combatant command;
-- Implemented a military-orders process to handle cyber action as it is handled in other operational domains in a process supported by an emergency conferencing procedure that links key organizations and leaders from across DOD and government to quickly assess major cyber threats and make decisions;
-- Established an interim command-and-control framework for cyberspace operations across joint service and defense agency organizations;
-- Developed a force structure model for cyber force organizations;
-- Established a plan and developed orders to transition to a new network architecture called the Joint Information Environment, or JIE, that will make DOD networks more effective, defendable and efficient; and
-- Conducted two years of Cyber Flag exercises at Nellis Air Force Base in Nevada that were joint, full-spectrum cyberspace operations exercises using live opposition forces and a virtual environment that mirrored current cyber threats.
DOD’s mission is to defend the nation in all domains, but in cyberspace, the department shares its role with other members of the federal cybersecurity team, including the Justice Department and its FBI, the lead for investigation and law enforcement, the general said.
Other team members are the Department of Homeland Security -- the lead for protecting critical infrastructure and government systems outside the military -- and the intelligence community, which is responsible for threat intelligence and attribution, he added, noting that there are even roles and responsibilities for public-private and international partners.
DOD has begun to refine its role in defending the nation in cyberspace, Davis said.
“We have three main cyber missions, and three kinds of cyber forces will operate around the clock to conduct those missions,” the general explained.
National mission forces will be prepared to counter adversary cyberattacks, he said. A second, larger set of combat mission forces will be prepared to support combatant commanders as they execute military missions, integrating cyber capabilities and effects into their military contingency plans and operations alongside traditional capabilities and effects, he added.
Still other cyber protection forces -- the largest set, Davis said, will operate and defend the networks that support military operations worldwide.
“We will deter, disrupt and deny adversary cyberspace operations that threaten vital U.S. interests when approved by the president and directed by the secretary of defense,” he said. “If a crippling cyberattack is launched against our nation, the Department of Defense must be ready for an order from the commander in chief to act.”