By Cheryl Pellerin
DoD News, Defense Media Activity
FORT MEADE, Md., Aug. 18, 2014 – U.S. Cyber Command
continues to expand its capabilities and capacity, Navy Adm. Mike Rogers said
Aug. 14.
The U.S. Cyber Command commander and director of the
National Security Agency was speaking during an interview at the NSA
headquarters building here.
“The decision to create [U.S. Cyber Command] was a …
recognition of a couple things. No. 1, the increasing importance of the cyber
domain and the cyber mission set in Department of Defense operations in the
21st century,” Rogers said.
Such a command would add to the department’s ability to
protect and defend its networks, and give policymakers and operational
commanders a broader range of options, he said.
The second consideration involved DoD’s mission to defend
the nation, coupled with the potential of nation-states, groups and individuals
to conduct offensive cyber activities against critical U.S. infrastructure.
In that scenario, the admiral said, defense officials
thought it was likely the president would “turn to the secretary of defense and
say, ‘In your mission to defend the nation, I need you to do the same thing
here in the cyber arena against this mission set critical to U.S.
infrastructure, and I need an organization capable of doing that.’”
These conditions led the department to realize the need to
create a traditional warfighting organization capable of executing a spectrum
of cyberspace missions, Rogers said.
And, he added, they knew they needed to do so “with a
dedicated professionalized workforce. This is not a pickup game where you just
come casually to it.”
Rogers said he focuses on five priorities for Cybercom.
These are to build a trained and ready cyber force, put
tools in place that create true situational awareness in cyberspace, create
command-and-control and operational concepts to execute the mission, build a
joint defensible network, and ensure Cybercom has the right policies and
authorities that allow it to execute full-spectrum operations in cyberspace.
Making progress is important to Rogers, who characterized
his ultimate goal as bringing U.S. Cyber Command to a level where it’s every
bit as trained and ready as any carrier strike group in the U.S. Central
Command area of responsibility or any brigade combat team on the ground in
Afghanistan.
“My objective during my time as the commander, first and
foremost,” the admiral said, “is to ensure that we have brought to fruition the
operational vision in cyber … [to make sure] it’s something real, it’s
something tangible, and it is operationally ready to execute its assigned
missions.”
That is happening as Cybercom brings its warfighting
capability online, with the services generating a total cyber mission force of
about 6,000 people by 2016, all trained to the same high standard and aligned
in 133 teams with three core missions:
-- The Cyber National Mission Force, when directed, is
responsible for defending the nation’s critical infrastructure and key
resources.
-- The Cyber Combat Mission Force provides cyber support to
combatant commanders across the globe; and
-- The Cyber Protection Force operates and defends the DoD
information network, or DoDIN.
Defending the DoDIN is the focus of a partnership in
progress with the Defense Information Systems Agency, or DISA.
The agency provides command and control and
information-sharing capabilities and a globally accessible enterprise
information infrastructure to warfighters, the president and national leaders,
and other mission and coalition partners.
DISA, Rogers points out, is also a combat support agency.
The agency reports to acting DoD Chief Information Officer
Terry Halvorsen, and its director is Air Force Lt. Gen. Ronnie D. Hawkins Jr.
“I have always believed … that we need to integrate
operations and networks and our defensive workforce into one team,” Rogers
said, “and that you are more effective in operating a network and in defending
a network when you do it with one integrated approach.”
As a result, Rogers’ team decided they needed to create a
relationship with DISA, he said, adding, “At the moment there’s no formal
[command and control] line between us, but we’re in the process of creating
one.”
As part of that process Rogers collaborates with Halvorsen
and Hawkins.
“What I think we need to do,” he said during their meeting,
“is create an operational construct that creates a direct linkage [between]
U.S. Cyber Command, DISA and U.S. Cyber Command service components.”
It’s critical that the relationship includes the service
components, Rogers said, “Because, under the current network structure today,
those networks are largely run by [the] services. So we’ve got to create a
relationship between DISA and the services that is very operational because
you’ve got to maneuver networks, you’ve got to react to changes, and you can’t
do that in a static kind of environment.”
He added, “We're in the process of doing that and I expect
to roll it out in the fall. … You’ll hear it referred to as JFHQ DoDIN,” he
said, or Joint Force Headquarters DoD Information Networks.
Rogers said that he, Halvorsen and Hawkins agree, this is
the future of DISA.
“[DISA] will operate on the networks. They'll be part of our
defensive effort so they will be out operating on the networks just like us,”
he added.
“One of the core missions is the defense of the DoDIN,”
Rogers said. “The forces associated with that mission will be assigned to DISA,
to the services [and] to the combatant commanders.” So, he added, DISA will
have some operational control over the cyber mission force to help execute
their mission.
Another of Rogers’ priorities for Cybercom is to help
develop a common situational awareness of “what’s happening in DoD networks,”
he said.
The commander highlighted the need for speed and agility in
the cyber arena, adding, “If you can’t visualize what you’re doing … you’re not
going to be fast or as agile, and thus arguably not as effective as you need to
be.”
Rogers said, “As an operational commander I am used to the
idea of walking into a command center, looking at a visual depiction that
through symbology, color and geography enables me to very quickly come to a
sense of what's happening in this space. We are not there yet in the cyber
arena.”
Establishing situational awareness in the cyber realm is a
combination of technology and capability, the admiral said, and determining
what knowledge is needed and what elements contribute to that.
“Is what U.S. Cyber Command needs to know about what's going
on in the network world the same thing as a strike group commander needs in the
Western Pacific? The same thing an Air Force air wing needs in Minot, North
Dakota? The same thing a brigade combat team needs in Afghanistan? It will
vary, so we've got to create a system that you can tailor to the needs of each
commander,” he said.
Rogers noted there are many ongoing efforts to improve
situational awareness, pointing out the need to work collaboratively to fix the
problem.
“We do have some tools right now,” he added. “They’re just
not as mature and comprehensive as I'd like them to be.”
Cyber is foundational to the future, the admiral said, and
he often comments to his fellow operational commanders that cyber is a mission
they have to own.
“The wars of the 20th century taught most warfighting
professionals that, no matter what you do, a good foundational knowledge of
logistics is probably going to stand you in good stead,” Rogers explained.
In the 21st century, he added, operational commanders may
find that, regardless of their mission, they will need a sense of what’s going
on in their networks, where they’re taking risk, and the impact of network
structure and activities on their ability to execute the mission.
“It’s not something you turn to your communications officer
… or your CIO and say, ‘I don't really understand this. Go out and do some of
that for me.’ That isn't going to get us where we need to go,” the admiral
said.
Rogers elaborated on the need for Cybercom to be ready.
During his time as Cybercom commander, he said he expects
that a nation-state, group or individual will attempt to engage in offensive,
destructive capability against critical U.S. infrastructure, from the power
grid to the financial sector.
The Presidential Policy Directive for Critical
Infrastructure Security and Resilience outlines 16 designated U.S. Critical
Infrastructure sectors.
Rogers says he tells his team they have to be ready to
respond to such a call. But for an attack on the United States, Cybercom will
support the Department of Homeland Security, which is the lead agency for
broader security protections associated with critical infrastructure, and
partner with the FBI, which is the lead agency for domestic attacks and law
enforcement.
“Our biggest focus really is going to be bringing our
capabilities to bear to attempt to interdict the attack before it ever gets to
us,” the admiral said.
“Failing that,” he continued, “we'll probably also have some
measure of capability that we can provide to work directly with those critical
infrastructure networks to help address the critical vulnerabilities and where
the networks could use stronger defensive capability.”
To prepare for such interagency collaboration in the event
of a domestic cyberattack, the command trains as it will fight, Rogers said.
“In the military I'm used to the idea that you train like
you fight. So we exercise [and] we replicate the things we think are going to
occur in a combat scenario,” the admiral said. “I want to do the exact same
thing with the same set of teammates I'm going to operate with if we get the
order to do so.”
The department and Cybercom already do internal exercises,
he said, as well as ongoing interagency exercises such as Cyber Guard, in which
elements of the National Guard, reserves, NSA and Cybercom exercise their
support to DHS and FBI responses to foreign-based attacks on simulated critical
infrastructure networks.
The whole-of-government exercise, completed June 17, was
designed to test operational and interagency coordination and tactical-level
operations to prevent, mitigate and recover from a domestic cyber incident.
Cyber Guard is a good example, Rogers said, “but I want to
build on that. DHS and FBI were there but I think we can do even more.”
Information sharing and partnerships with the critical
infrastructure sectors is an important aspect of enabling Cybercom to more
effectively interdict and stop an attack, if directed to do so by the president
and defense secretary, he added.
The cyber threat is growing increasingly complex, the
Cybercom commander said, and a more diverse set of actors is involved in the
mission set, “from nation-states that continue to increase their capabilities,
to groups, to individuals.”
In broad terms, he added, “you don’t see a crisis in the
world today that doesn’t have a cyber aspect to it.”
For that reason and others, the ultimate construct of U.S.
Cyber Command must be flexible, the admiral said.
“If you want to develop full-range capabilities and generate
the maximum flexibility for their application, you’ve got to build a construct
that recognizes we’re going to be supported sometimes, we’re going to be
supporting other times, and sometimes we’re going to be doing both
simultaneously,” Rogers said.
In one scenario Cybercom might be helping the commander in
the Pacific, he said, and “at the same time we might be driving efforts to
secure the U.S. financial infrastructure … and trying to support U.S. Central
Command.
“It’s just the nature of things,” Rogers said, “because
cyber is so global and so foundational.”
Posts
No comments:
Post a Comment