By Cheryl Pellerin DoD News, Defense Media Activity
WASHINGTON, September 29, 2015 — Defense and deterrence are
two of the highest priorities for bolstering the nation’s cybersecurity
capabilities, top officials from the Defense Department and the intelligence
community told a Senate panel here today.
Deputy Defense Secretary Bob Work testified on cybersecurity
policy and threats before the Senate Armed Services Committee. Joining him were
Director of National Intelligence James R. Clapper and Navy Adm. Michael S.
Rogers, commander of U.S. Cyber Command and director of the National Security
Agency.
In his remarks to the panel, Clapper said that for the third
year in a row, cyberthreats headed the list of threats reported in the annual
National Intelligence Worldwide Threat Assessment.
“Although we must be prepared for a large Armageddon-scale
strike that would debilitate the entire U.S. infrastructure, that is not … the
most likely scenario,” Clapper added.
Integrating Intelligence
The primary concern is low- to moderate-level cyberattacks
from a growing range of sources that will continue and probably expand, he
said, adding that in the future he expects to see more cyber operations that
manipulate electronic information to compromise its integrity, as opposed to
deleting or disrupting access to it.
Clapper said President Barack Obama has directed him to form
a small center that will integrate cyberthreat intelligence from across federal
agencies, as do centers established over the years for counterterrorism,
counterproliferation and counterintelligence.
In his remarks to the panel, Work said recent cyber
intrusions involving the Office of Personnel Management, the Joint Staff and
Sony by three separate state actors are “not just espionage of convenience, but
a threat to our national security.”
Earlier this year, the department released a new strategy to
guide the development of its cyber forces and strengthen its cybersecurity and
cyber deterrence postures. The previous cyber strategy was released in 2011.
DoD Core Missions
As laid out in the new strategy, DoD’s core missions are to
defend DoD network systems and information, defend the nation against cyber
events of significant consequence, and provide cyber support to operational and
contingency plans.
“In this regard, U.S. Cyber Command may be directed to
conduct cyber operations in coordination with other government agencies … to
deter and defeat strategic threats in other domains,” Work said.
On cyber deterrence, Work acknowledged that he and Defense
Secretary Ash Carter “recognize that we are not where we need to be in our
deterrent posture,” and the revised strategy is designed to help improve cyber
deterrence.
Deterrence works by convincing any potential adversary that
the costs of conducting an attack far outweigh potential benefits, Work said,
describing the three pillars of the cyber deterrence strategy as denial,
resilience and cost imposition.
Cyber Deterrence
“Denial means preventing the cyber adversary from achieving
his objectives; resilience is ensuring that our systems will perform their
essential military tasks even when they are contested in the cyber environment;
and cost imposition is our ability to make our adversaries pay a much higher
price for malicious activities than they [expected],” the deputy secretary
explained.
Work said that because nearly every successful network
exploitation involving the Defense Department can be traced to one or more
human errors that allowed entry into the network, raising the level of
individual cybersecurity awareness and performance is critical.
“As part of this effort, we recently published a
cybersecurity discipline implementation plan and a scorecard that is brought
before the secretary and me every month,” he said.
The scorecard holds commanders accountable for hardening and
protecting their critical systems, and allows them to hold their personnel
accountable, Work said, noting that the first scorecard was published in
August.
“Denial also means defending the nation against cyberthreats
of significant consequence,” Work said, “and the president has directed DoD,
working in partnership with other agencies, to be prepared to blunt and stop
the most dangerous cyber events.”
Fighting Through Cyberattacks
On resilience, Work explained that adversaries view DoD's
cyber dependence as a potential wartime vulnerability, so the department views
its ability to fight through cyberattacks as a critical mission function.
“That means normalizing cybersecurity as part of our
mission-assurance efforts, building redundancy whenever our systems are
vulnerable, and training constantly to operate in a contested environment. Our
adversaries have to see that these cyberattacks will not provide them a
significant operational advantage,” Work said.
The third aspect of deterrence means demonstrating the
ability to respond through cyber and non-cyber means to impose costs on a
potential adversary.
“The administration has made clear that we respond to
cyberattacks in the time, manner and place of our choosing, and the department
has developed cyber options to hold an aggressor at risk in cyberspace if
required,” Work said.
Measurable Progress
During his testimony, Rogers said the military is in
constant contact with agile, learning adversaries in cyberspace who have shown
the capacity and willingness to take action against soft targets in the United
States.
Some countries are integrating cyber operations into a total
strategic concept for advancing their regional ambitions, he said, “to use
cyber operations to influence the perceptions and actions of states around them
and shape what we see as our options for supporting allies and friends in a
crisis.”
“We need to deter these activities by showing that they are
unacceptable, unprofitable and risky for the instigators,” he added.
U.S. Cyber Command is building capabilities that contribute
to deterrence, the admiral told the panel.
“We are hardening our networks and showing an opponent that
cyber aggression won't be easy,” Rogers said. “We are creating the mission
force -- trained and ready like any other maneuver element that is defending
DoD networks -- supporting joint force commanders and helping defend critical
infrastructure within our nation.”
U.S. Cyber Command has made measurable progress, he added.
“We are achieving significant operational outcomes and we have a clear path
ahead.”