[Infowarrior] - Cyber Debate: Which Way DISA

Wed Mar 18 14:46:37 UTC 2009

Cyber Debate: Which Way DISA
By Colin Clark Tuesday, March 17th, 2009 2:01 pm

http://www.dodbuzz.com/2009/03/17/cyber-debate-which-way-disa/

There is one month left before the government-wide cyber review ends.  
Defense Secretary Robert Gates is expected to announce a four-star  
combatant commander to run cyber warfare soon after that review is  
finished.

Our story about a cyber COCOM sparked a rollicking debate about the  
roles of DISA and, to a lesser degree, NSA and STRATCOM. While I can’t  
identify who the posts came from, I can tell you that several of them  
came from practitioners of these dark arts.

In the hopes of driving the debate even further, here are some of the  
comments, with observations.

John Schrader, a colonel, said the country does need a cyber COCOM,  
but it should be kept within the current organizational structure.  
Since the Unified Command plan places cyber under STRATCOM he proposes  
making the cyber COCOM “a Sub-Unified Command of STRATCOM. It will be  
multi service and have its own component commands. The services will  
train and equip in order to present forces to the cyber commander who  
lives within the strategic context of STRATCOM with all the advantages  
of cross COCOM operational authority.”

While I understand John’s commitment to the UCP, I think he ignores  
the very real chain of command concerns that having a four star report  
to another four star. While you can get anyone to do anything within  
reason, I think it would dangerously muddy the chain of command.

He recommends taking DISA’s Joint Task Force-Global Network Operations  
and expanding it. He argues that this “comes with a staff structure  
and one dimension of cyber built it.”

But very few people I’ve spoke with in either the military or  
intelligence worlds believes that DISA is the right place to park such  
responsibilities, especially as long as NSA continues to throw its  
weight around. John argues that we should keep “NSA doing what it does  
best…it becomes a force provider.” But, with all respect, to expect  
NSA to provide much of the muscle and therefore the money and expect  
the biggest chunk of the IC to just do what the regular military tells  
it to do is to ignore most of the last five years of conflict between  
these groups.

Create an industry council as part of the command group that engages  
and involves industry.

I’m afraid I’m more in line with Joe’s thinking on this one.. He says,  
“DISA is a horrible choice for this. DISA is a bloated bureaucratic  
nightmare who cannot get any project of not completed without  
inflating the price tag beyond anything reasonable. They are shamed by  
any commercial counterpart, and a laughing stock everywhere else.”

Sinlock also think DISA is “a horrible choice. You need to ask  
yourselves this. If the 40 some odd security vendors and companies out  
there cannot solve the problem (detect rates) and they employ the best  
in the business how in the heck do you think the DOD or intel agencies  
can?”

Caine weighs in, believing that “the Intel and DoD communities have  
the cream of the security crop” but are “hampered and hamstrung by  
horribly outdated and bureaucratic processes.”

Take all this, compress it and I think you come up with several clear  
answers. One, we need a cyber COCOM with clear command  
responsibilities and his own troops. Forcing him to rely on NSA  
personnel will only prolong the already fatiguing fight between NSA,  
DoD and DHS.

Make sure that whoever gets final civilian authority to lead cyber  
activities in the federal government is given clear lines of funding  
and operational authority. DoD has to be able to exercise its Title 10  
responsibilities without getting mired in battles between it, the IC  
and DHS.

I’m betting our readers know more about these issues than most because  
of your knowledge of the military and IC. Let’s hear your thoughts.