23 March 2015

Cyber commands coordinate strategies

John Edwards and Eve Keiser
March 4, 2015 

As the number of serious online attacks multiplies, U.S. Cyber Command (CYBERCOM) and its subordinate commands, including the 24th Air Force, 10th Fleet and Army Cyber Command, are developing joint strategies to both defend their networks and strike against confirmed adversaries.

"U.S. Cyber Command and the subordinate component cyber commands ... are tightly integrated from not only a command and control perspective, but also from a manning perspective," said retired RADM Robert E. Day Jr., the former commander of Coast Guard Cyber Command. "Many of the personnel at U.S. Cyber Command and the subordinate mission teams are formed from personnel that each service has assigned to the joint U.S. Cyber billets," said Day, who currently leads Bob Day & Associates, a cyber consulting firm located in Washington, D.C.

In the federal government's current cyber warfare infrastructure, missions overlap and each service is building its own defensive and offensive cyber capabilities. "One of the original ideas was to have the services concentrate on the areas that are closest to their core missions, so the Navy would work [on] maritime issues, the Air Force [on] air and space issues that come up in the cyber domain and the Army would work [on] land issues," said retired Col. Cedric Leighton, a former deputy director of training for the National Security Agency. "In practice, though, the cyber domain cuts across all this, so there are some who advocate for a separate 'cyber force.' "

Leighton believes that such an organization would need to be thought out and implemented carefully. "In the meantime, U.S. Cyber Command is supposed to exercise, manage or facilitate that coordinating function," said Leighton, who is currently the chairman of Cedric Leighton International Strategies, a strategic risk and leadership management consulting firm located in the Washington, D.C., area.

Day noted that CYBERCOM has already assigned specific missions to each of the component cyber commands under its operational control. "Additionally, component commanders are working with CYBERCOM and each service to revamp their enterprise IT systems to develop standard security architectures and security capabilities that enhance the ability of CYBERCOM and the components to harden and defend their cyber terrain."

According to Day, training and qualification standards have also been harmonized across the various cyber commands. "Even though they may be called [by] different qualification standards, the services have ensured that their cyber warriors each meet common core training and demonstrated skills so that they can be assigned into the joint billets."

Talent and training challenges

As CYBERCOM and the subordinate commands work to synchronize their operations, they're also finding themselves competing against each other in the attempt to draw skilled talent from a relatively shallow pool of qualified experts. "Just like in private industry, the cyber commands are in a talent war with each other and with other government agencies," Leighton said. "They ... need to have coherent strategies, clearly defined missions and a solid training pipeline."

Leighton noted that the military, along with the entire intelligence community (IC), is now spending a great deal of time and money on training the next generation of cyber warriors and related cyber experts. "The hard part is finding ... cyber talent in nontraditional areas, because many people skilled in the cyber arts don't have traditional educational credentials," he explained. "So the services need to think about their vetting processes for such nontraditional talent."

In an effort aimed at deepening the national cyber talent pool, the National Science Foundation (NSF), NSA and the Department of Homeland Security have united to certify and provide resources to educational institutions that develop cyber curriculums designed to produce the skill sets required by the various cyber commands. "Additionally, scholarships and internships are provided to students in these curriculums in exchange for serving in a federal cyber position upon graduation," Day said. He noted that recruiting representatives of the different cyber commands are now actively participating in technology security events, such as Black Hat, that bring military cyber leaders into direct contact with the hacker community. "Cyber challenges and a broad range of other initiatives have been conducted to encourage our youth to enter into the cyber field," Day said. According to Day, all of the service academies are now developing new cyber education programs and encouraging cadets to enter these curriculums.

"I believe GEN Keith Alexander [CYBERCOM's first commander, currently retired] was smart when he went out to the DEFCON #20 Hacking Conference in 2012," said Jim Lint, a former director, G-2 Intelligence, for the Army Communications-Electronic Command. "He also had recruiting civilian personnel out there who talked to the personnel about working at NSA."

Lint noted that the NSA and CYBERCOM have both requested and received several types of expedited civilian hiring authorizations. "This is designed to [help them] get past some of the slowness of federal government hiring practices." Lint also mentioned that the various cyber commands are making some basic changes in the ways they operate to find qualified cyber talent, including turning to civilian hiring experts and creating new Military Occupational Specialty codes (MOS codes). "The Army is making [new] cyber defender MOSes, with new training and a new career field," Lint said. "For the Army this is a change, and a good one."

Resources and funding

According to press reports, the Pentagon's cyberwarfare budget has grown from $3.9 billion in 2013 to $4.7 billion in 2014 and an estimated $5.1 billion in 2015. Yet, if new threats emerge, or old ones become more active, even more money may soon have to be directed toward the various cyber commands. "Adequate funding is always in the eye of the beholder," Leighton said. "There's a natural tendency to want more, no matter how much you get." Leighton believes that funding levels are adequate for now, "but if the country is subjected to a large-scale, coordinated and successful cyber attack, we may find that even this increased level of funding will be insufficient," he said.

Regardless of how much money the cyber commands have at their disposal, Leighton believes that the various cyber commands need to do a better job synchronizing business and government responses to cyber attacks. "The latest technical advances in cybersecurity are not the sole purview of one side or the other," he observed.

Leighton also believes that cybersecurity is an issue that leaders of both major political parties can agree upon. "Cyber is an area in which there could be bipartisan agreement ... at least on the need to safeguard our cyber infrastructure," he said.

Leighton said that the White House and Congress now both realize that cyber is a new warfare domain, "and that will mean increased resources for the cyber commands of the various services, as well as the U.S. Cyber Command." Leighton noted the president's recent budget proposal requests increased DoD cyber spending. "It's one of the few growth areas in DoD spending, and I see that trend changing [upward] in the next few years," he said.

Looking inside

As the various cyber commands continue ramping up their operations in order to position themselves as a comprehensive offensive/defensive cyber force, their leaders will also have to address threats emerging from unexpected foes. "A key area of protection will be against the insider threat, which is hard to find while also protecting civil liberties," Lint said.

"For the most part, the insider threat is a new counterintelligence threat," Lint stated. "The 'new' portion is the avenue of using cyber as a tool by the insider."

Lint predicted that in the years ahead, emerging computer technologies, such as big data, might help analysts detect data anomalies indicating an insider threat. Meanwhile, IC-wide expertise will be essential to countering insider threats. "Counterintelligence has years of experience in countering hostile espionage services," Lint said. "The insider threat is very similar in the information acquisition phase."
