By Army Sgt. 1st Class Tyrone C. Marshall Jr.
DoD News, Defense Media Activity
WASHINGTON, April 14, 2015 – The Defense Department will release
a new cyber strategy next week to guide the way ahead for cyber in the
foreseeable future, a senior Pentagon official told Congress today.
Testifying before the Senate Armed Services Committee’s
emerging threats and capabilities subcommittee, Eric Rosenbach explained how
DoD plans to continue improvement to America’s cybersecurity posture. Rosenbach
is the assistant secretary of defense for homeland defense and global security.
“To show that we’re thinking very clearly about this,” he
said, “next week we’ll release a new strategy for the department that will
guide the way forward for the next several years in cyber.”
Defense Secretary Ash Carter has driven this effort, he
added.
DoD Cyber Mission
Rosenbach said defending DoD’s networks is the department’s
most important cyber mission. “I know that may be surprising when you think
about the Department of Defense,” he said. “We’re very network-reliant and
network-centric.” DoD has the largest enterprise network in the world, he
added, and all military operations depend on that network.
Secondly, Rosenbach said, the Defense Department needs to
defend the nation against significant cyberattacks. “This is a small part of
all the cyberattacks against the U.S. -- not a denial-of-service attack, unless
it would cross the threshold of armed attack for most instances,” he said.
“The Department of Defense is not here to defend against all
cyberattacks -- only that top 2 percent -- the most serious,” Rosenbach added.
Finally, he said, the department wants to provide
full-spectrum cyber options to the president or the defense secretary in cases
that would be advantageous to national interests.
DoD Role in U.S. Cybersecurity
Rosenbach said in light of the evolving nature of the
threat, DoD is committed to a comprehensive, whole-of-government cyber strategy
to deter attacks.
“This strategy depends on the totality of U.S. actions, to
include declaratory policy, overall defensive posture, effective response procedures,
indication and warning capabilities, and the resilience of U.S. networks and
systems,” he said. Within this, Rosenbach said, the department has three
specific roles within the U.S. government from a deterrent perspective.
“First, we need to develop capabilities to deny a potential
attack from achieving its desired effect,” he said. “Second, the U.S. must
increase the cost of executing a cyberattack. In this regard, DoD must be able
to provide the president with options to respond to cyberattacks on the U.S.,
if required, through cyber and other means.”
Rosenbach also emphasized that potential responses to
cyberattacks are considered not only from a purely cyber perspective, but also
in a way that encapsulates foreign policy tools and military options.
Finally, he said, it’s important to ensure resilience so the
cyber infrastructure can bounce back from an attack.
“This, when it comes down to it, is pure cost benefit-type
analysis to make sure the cost is much higher than the benefit to the adversaries
who want to attack us,” Rosenbach said.
Investing in Capabilities
To bolster its deterrence strategy, Rosenbach said, DoD has
made a conscious decision to invest in capabilities and the cyber mission
force.
“We have built robust intelligence,” he said. “I do think
that it’s an important part of it, although not the core part, and we know that
we need to reduce the anonymity of cyberspace so that adversaries who attack us
don’t think they can get away with it.
“These attribution capabilities have increased significantly
in recent years,” he continued, “and we continue to work closely with
intelligence and law enforcement to improve this.”
To carry out these missions, the Defense Department is
building a cyber mission force composed of 133 teams, Rosenbach said.
“There’s an important role for the National Guard and the
reserve,” Rosenbach said. “We want to capitalize on the expertise that folks
who are in the private sector, but still want to serve their country, have.”
Building a cadre of cyber experts is very important to the
defense secretary, Rosenbach told the panel. Since taking office, he said, one
of Carter’s top priorities has been ensuring DoD has new “tunnels” for talent
to enter the department’s cyber community.
Building Partnerships
Building strong partnerships with the private sector -- as
well as with other government agencies, allies and partners – also is
important, Rosenbach told the senators.
“The geography of the Internet itself means we can’t do this
alone,” he said. “We’ve invested a lot of time -- even recently -- in Asia, the
[Persian] Gulf and other places in the Middle East, and of course, [with] our
traditional allies … and in NATO, in this area.”
Rosenbach also emphasized the important role Congress plays
in passing legislation that improves the standard of cybersecurity.
Posts
No comments:
Post a Comment