By Claudette Roulo
DoD News, Defense Media Activity
WASHINGTON, Oct. 29, 2014 – Cyber is the ultimate team sport, and it will take true partnerships between defense and industry to protect the nation’s information systems, the commander of U.S. Cyber Command told an audience at the U.S. Chamber of Commerce here yesterday.
“There's no one single group or entity that has all the answers, nor is there one single group or entity capable of executing the solutions that we need to do,” Navy Adm. William S. Rogers said.
But, Rogers noted, it’s up to leaders in defense and the private to drive the cultural changes that will allow these partnerships to thrive.
“When you don't have leadership buy-in, you are fighting with one hand tied behind your back,” he said.
Cyber blurs line between public, private sectors
to the traditional view puts the private sector in one arena and the government in another, Rogers said, and the whole question of national security as something apart from that. But cyber blurs the line between those three groups, the admiral said.
“The cybersecurity challenges we are facing a nation, I view them as a national security issue for us,” he said. “And how are we as a nation going to address the challenge that is not going to go away?”
The hazards that defense and the public sector face in the cyber realm are serious and long-term, Rogers said.
“Every day there are groups, individuals and nation-states attempting to penetrate our DoD networks, and it's the same thing we're seeing in the corporate world,” the admiral noted.
Cybercom has three missions: to defend the department’s networks, generate the cyber mission force and provide protection and support in the event of attacks on critical U.S. infrastructure. Accomplishing this third mission won’t be possible without building relationships with the private sector and other federal agencies in advance, the admiral said.
“If there's one thing you learn in the military, Rogers said, “you do not wait until the day of the crisis to suddenly say to yourself, ‘Boy, I guess we better do some training with each other, or I guess we better understand what our partners needed and what they don't need, and what's effective for them and what is not effective.’”
The Defense Department already is working alongside other federal agencies, including the Department of Homeland Security and the Federal Bureau of Investigation, he said.
Rogers also serves as director of the National Security Agency. In that role he oversees infrastructure assurance -- that is, not just defending systems, but developing their standards, he said.
“We do it with the federal government, and increasingly we find ourselves called on by our DHS and FBI teammates to provide capability from our cyber expertise to support the private sector,” the admiral said.
Those types of requests are only going to increase, Rogers said.
“You can pick up a newspaper. You can get on your favorite website,” he said. “You can blog on whatever particularly interests you. You can go to whatever media outlet that you find is the best source of your news, and every day you will find something about a major cyber incident. This is not a short-term phenomenon.”
Industry concerns are legitimate
The private sector has real and legitimate concerns about the legal liabilities of partnering with the government, he said.
“We have got to help remove those very legitimate concerns and address them, because in the end what we have got to get to, I believe, is real-time automated machine-to-machine interface,” Rogers said. Before that happens, both sides need to clearly define in advance what information will be shared, he added.
The admiral said he does not want “privacy information” to be part of any information-sharing agreements, because that’s not the focus of cybersecurity.
“What we need to share with each other is … actionable information that you can use that gives you insights into as to what's the malware you're going to see,” he said. “How is it going to come at you? What are the indicators that you should be looking for in advance that would suggest to you that activity of concern is coming?”
In return, Rogers said, DoD should be able to help identify who is targeting the system under attack. “And then collectively between us, we need to share this, and we need to share it both across the entire sector, because … the insights of one can translate to the defense of many,” he said.
Congress is working on legislation that will protect industry from government intrusion, while enabling the government to partner with the private sector to protect industrial networks from attack, the admiral said.
“So we'll be working our way through that process, but the key to it is going to be dialogue,” Rogers said.