[Infowarrior] - DOD cybercommand focus on .mil

Richard Forno rforno at infowarrior.org
Tue Jun 16 11:58:11 UTC 2009 

If true, does this not sound like the JTF-CND / JTF-CNO / JTF-GNO on  
steroids, albeit perhaps with a bit more offensive capability to it?   
--rf


New DOD cyber command will focus on the dot-mil domain

     * By William Jackson, Doug Beizer
     * Jun 15, 2009

http://gcn.com/Articles/2009/06/15/Web-DOD-cyber-command.aspx?p=1

Defense Secretary Robert Gates has not yet made a final decision about  
establishing a new major command in charge of cyber defense, Deputy  
Defense Secretary William Lynn said today.

A crowd of several hundred government, industry and academic officials  
gathered today at the Center for Strategic and International Studies  
in Washington hoping to hear an announcement about the new command,  
which will coordinate efforts across the services to defend the newly  
recognized cyber domain.

However, Lynn said that “as of today, Secretary [Robert] Gates has not  
made a decision on this. The secretary is evaluating proposals,” and  
the joint staff is still ironing out details of how the organization  
will work and what the chain of command will be.

The command is a recognition that cyberspace is a new theater of  
operations, in addition to land, sea and air. It has been proposed as  
part of the administration’s reworking of the government’s  
cybersecurity initiatives.

The organization and duties of the new cyber command have not been  
finalized, but Lynn was very clear today about what the command would  
not be.

“Such a command would not represent the militarization of cyberspace,”  
Lynn said.

DOD will continue to focus on its .mil domain, while primary  
responsibility for the civilian .gov domain will remain with the  
Department of Homeland Security, he said. The private sector will be  
responsible for the rest of the country’s Internet infrastructure. He  
said DOD and the National Security Agency (NSA0 would be available to  
lend their expertise in cyber defense “in a way that upholds and  
respects our civil liberties.”

Lynn’s message was the same as that of NSA Director Lt. Gen. Keith  
Alexander at an industry gathering earlier this year, when he assured  
his audience that NSA had no desire to take over the non-national  
security portion of the country’s information infrastructure.

Some observers have expressed skepticism that DOD and NSA, which not  
only have a great depth of expertise in cyber defense but are  
developing offensive capabilities, would take a back seat to DHS and  
industry in protecting the interconnected online world.

Lynn said coordinating the efforts of the different sectors and  
overseeing their cooperation would be the job of the White House cyber  
coordinator, a position President Barack Obama announced last month.

The president is in the process of selecting the person who will fill  
that position, and some observers expect an announcement by the end of  
this month.

The cyber command will be a unified subcommand of the U.S. Strategic  
Command. As such it would not require legislation from Congress, but  
its commander would require Senate approval, Lynn said.

He emphasized the importance of networking to today’s DOD. “There is  
no exaggerating the military’s dependence on our networks,” he said.  
“Our twenty-first century military simply cannot function without them.”

The threat to those networks is not emerging, he said. “It is here  
today. It is here now. Our defense networks are constantly under  
attack.”

More than 100 foreign intelligence operations are trying to breach DOD  
networks, which are scanned millions of times a day. A number of  
countries are developing offensive capabilities, and terrorist and  
criminal organizations are also prying at the interfaces. In one of  
the most serious incidents, thousands of computers were compromised  
last year, and DOD banned the use of many removable memory devices in  
response.

Lynn said no lives have been lost to cyberattacks to date, but the  
cost of defending networks is increasing. DOD spent $100 million in  
six months last year defending .mil networks. Due in part to that  
constant pressure, the military has some of the best defensive  
capabilities on its networks, and each service has its own operational  
organizations.

“The DOD will defend its networks,” Lynn said. “It will protect this  
domain. [But] we need to do better.”

DOD is not producing the trained professionals it needs to defend its  
networks. Only 80 information technology security specialists graduate  
each year from its military academies. The proposed fiscal 2010 budget  
includes funding that would more than triple that number to 250 per  
year, Lynn said.

The military also must do a better job of overall training in  
cybersecurity and end the competition between commands for the limited  
manpower and resources now available in that field, Lynn said.

The new cyber command will coordinate the military services’  
activities and establish the rules of engagement for responding to  
cyberattacks. Creating those rules is complicated by the fact that  
attacks in cyberspace can happen in a matter of milliseconds rather  
than days or even minutes, and responses must occur as close to real  
time as possible.

The effort is further complicated by the difficulty in attributing the  
source and goal of attacks. Although scans, probes and breaches  
sometimes can be tracked to computers in other countries, Lynn said  
officials are not able to attribute those incidents to a particular  
government or party, or say whether the intent was military, political  
or criminal.

Although the cyber command will restrict its activities to the .mil  
domain, Lynn stressed the need for better cooperation among the  
military, civilian agencies, the private sector and other countries.

About the Authors

William Jackson is a senior writer for GCN.

Doug Beizer is a staff writer for Federal Computer Week.

More information about the Infowarrior mailing list