Cyber command faces urgent agenda

 

Connecting state and local government leaders

Military leaders expect the new unified Cyber Command to rationalize military cybersecurity efforts, while grappling with the increasing complexity of cyberspace and ongoing workforce issues.

Military leaders from the Army, Navy, Air Force and Marine Corps expect the Defense Department’s new unified Cyber Command to rationalize military cybersecurity efforts.

However, at the same time, the increasing complexity of cyberspace and ongoing workforce issues remain pressing challenges, adding urgency, they said, for the new command to articulate its strategy soon.

“We made conscious decision a year ago, knowing Cybercomm was coming, to [ensure the Army’s] direction was in sync with expected plans — and wait for the guidance,” said Maj. Gen. Gregory Schumacher, the Army's assistant deputy chief of staff.

“Now that [the Cyber Command] is here, my sense is now is the right time to move forward,” Schumacher added. But he cautioned it will be important to “get guidance from Cyber Command” soon, in terms of “what are the definitions, what are the forces and the structure, and not get ahead of that and create more confusion.”

Schumacher, speaking at a cybersecurity conference held in Washington by the D.C. chapter of the Armed Forces Communications and Electronics Association June 25, noted that cyberspace has become a complex operating environment that requires increasingly sophisticated skills.

He described the environment as one with many layers — beginning at the individual level and moving through the cyber-persona layer, the network layer, a physical layer, and a geographic layer. It’s further complicated by the fact that a single site can be accessed by multiple users; or one individual can have multiple domains.

“We see cyber cuts across geographic domains, and raises the question of what kind of forces do we preset,” he said.

At the same time, it’s important to recognize that changes in the military’s network defenses can give away important operating clues to U.S. adversaries, said Maj. Gen. David Senty, acting vice commander, Air Force Cyberspace Command (Provisional), and commander, Air Force Network Operations, Barksdale Air Force Base.

“Network operations today [need to be] approached differently,” Senty said. “When we make a network change, what are we telling our adversaries? And what might they conclude we’re changing? Everything we do, I want to know what fingerprints we’ve left,” he said.

Sentry, along with U.S. Navy Rear Adm. (Select) Sean Filipowski, raised the need to improve the cyber skills of the military’s workforce.

“We have two skills sets we’re looking for — expeditionary combat skills and cyber skills,” Senty said. “It’s a jump ball whether we combine them, or they will remain separate.”

“We consider every sailor who touches a computer is a cyber-warfare (specialist),” said Filipowski, director, Computer Network Operations of the Naval Network Warfare Command.

“We need to have instantaneous visibility into our networks and a common operational picture,” he added.

“What keeps me up at night,” said Ray Letteer, representing the U.S. Marine Corps, “are poor browser and SQL database configurations.” he said. “My blue teams that do operational tests keep finding issues,” he said, pointing to peer-to-peer operating systems, people failing to follow policies, and the reliance on passwords as some of the many ways systems are easily breached.

“Phishing is becoming more sophisticated,” said Letteer, who heads the Marine Corps’ Information Assurance Division in the Office of the Director, C4/DON Deputy Chief Information Officer.

“But I’m really concerned with this rush to social networking,” he said. “I’m not convinced of it yet. I know how easy it is to gather information. We appreciate its importance for recruiting, but on the operational end, it has many risks,” he warned.

Letteer also argued that the use of advanced auditing tools as a means of defending military networks was little more than “perfume on a pig.”

“The implementation of cyber security is more than tools and boxes. The tools are useless without the people. Try as we might, we are all going to be subject to a user error in judgment,” he said. “That’s were accountability comes in. We have to be more comfortable to apply punishments with recalcitrant individuals who ignore the concerns and become a risk to my network,” he said.

Defining the skills and requirements to combat cyber threats will be an important first step for the new Cybercom, said Schumacher, even before the command tackles how to deal with reported shortages in cyber security experts.

Cyber Command will need to “articulate and define the skill sets--including some joint skill sets,” he said. “But they need to articulate specific mission skill sets as well, before we determine how many of what we need,” he said. What is actually required “is still fuzzy,” he said.

The panel's moderator, Lt. Gen. Harry Raduege (retired), co-chair of the CSIS Commission on Cybersecurity for the 44th Presidency, and chairman, Deloitte Center for Network Innovation, noted that the commission has been asked to prepare a Phase 2 plan for President Barack Obama’s Cyber Security Policy initiative, announced May 29.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.