By Claudette Roulo
DoD News, Defense Media Activity
WASHINGTON, Oct. 29, 2014 – Cyber is the ultimate team
sport, and it will take true partnerships between defense and industry to
protect the nation’s information systems, the commander of U.S. Cyber Command
told an audience at the U.S. Chamber of Commerce here yesterday.
“There's no one single group or entity that has all the
answers, nor is there one single group or entity capable of executing the
solutions that we need to do,” Navy Adm. William S. Rogers said.
But, Rogers noted, it’s up to leaders in defense and the
private to drive the cultural changes that will allow these partnerships to
thrive.
“When you don't have leadership buy-in, you are fighting
with one hand tied behind your back,” he said.
Cyber blurs line between public, private sectors
to the traditional view puts the private sector in one arena
and the government in another, Rogers said, and the whole question of national
security as something apart from that. But cyber blurs the line between those
three groups, the admiral said.
“The cybersecurity challenges we are facing a nation, I view
them as a national security issue for us,” he said. “And how are we as a nation
going to address the challenge that is not going to go away?”
The hazards that defense and the public sector face in the
cyber realm are serious and long-term, Rogers said.
“Every day there are groups, individuals and nation-states
attempting to penetrate our DoD networks, and it's the same thing we're seeing
in the corporate world,” the admiral noted.
Essential partnerships
Cybercom has three missions: to defend the department’s
networks, generate the cyber mission force and provide protection and support
in the event of attacks on critical U.S. infrastructure. Accomplishing this
third mission won’t be possible without building relationships with the private
sector and other federal agencies in advance, the admiral said.
“If there's one thing you learn in the military, Rogers
said, “you do not wait until the day of the crisis to suddenly say to yourself,
‘Boy, I guess we better do some training with each other, or I guess we better
understand what our partners needed and what they don't need, and what's
effective for them and what is not effective.’”
The Defense Department already is working alongside other
federal agencies, including the Department of Homeland Security and the Federal
Bureau of Investigation, he said.
Rogers also serves as director of the National Security
Agency. In that role he oversees infrastructure assurance -- that is, not just
defending systems, but developing their standards, he said.
“We do it with the federal government, and increasingly we
find ourselves called on by our DHS and FBI teammates to provide capability
from our cyber expertise to support the private sector,” the admiral said.
Those types of requests are only going to increase, Rogers
said.
“You can pick up a newspaper. You can get on your favorite
website,” he said. “You can blog on whatever particularly interests you. You
can go to whatever media outlet that you find is the best source of your news,
and every day you will find something about a major cyber incident. This is not
a short-term phenomenon.”
Industry concerns are legitimate
The private sector has real and legitimate concerns about
the legal liabilities of partnering with the government, he said.
“We have got to help remove those very legitimate concerns
and address them, because in the end what we have got to get to, I believe, is
real-time automated machine-to-machine interface,” Rogers said. Before that
happens, both sides need to clearly define in advance what information will be
shared, he added.
The admiral said he does not want “privacy information” to
be part of any information-sharing agreements, because that’s not the focus of
cybersecurity.
“What we need to share with each other is … actionable
information that you can use that gives you insights into as to what's the
malware you're going to see,” he said. “How is it going to come at you? What
are the indicators that you should be looking for in advance that would suggest
to you that activity of concern is coming?”
In return, Rogers said, DoD should be able to help identify
who is targeting the system under attack. “And then collectively between us, we
need to share this, and we need to share it both across the entire sector,
because … the insights of one can translate to the defense of many,” he said.
Congress is working on legislation that will protect
industry from government intrusion, while enabling the government to partner
with the private sector to protect industrial networks from attack, the admiral
said.
“So we'll be working our way through that process, but the
key to it is going to be dialogue,” Rogers said.
Posts
No comments:
Post a Comment