[Infowarrior] - How Will the Cyber Command Actually Work?

Mon Jul 12 11:41:24 CDT 2010

A Defense Technology Blog

How Will the Cyber Command Actually Work?

Posted by Paul McLeary at 7/12/2010 9:29 AM CDT

http://paulmcleary.typepad.com/paul_mcleary/2010/07/how-will-the-cyber-command-actually-work.html

Most journalists have learned the hard way that going to conferences about
cyber security aren’t really the best way to actually collect material to
write stories about cyber security. Shockingly little of value is ever
uttered at these gatherings, which mostly consist of buzzwords like “digital
natives,” and vague promises of trying to find “synergy” between different
branches of government and private industry.

Things weren’t much different at last week’s 2nd Annual Cybersecurity
Symposium sponsored by the Armed Forces Communications and Electronics
Association, but since the conference was packed with a roster of A-list
names in the cyber security game, there were several notable exceptions.

Director of Intelligence & Counter Intelligence for the U.S. Dept. of Energy
Bruce Held warned the audience that just building firewalls and other
defenses against intrusion just  won't be enough, since “a static cyber
defense can never win against an agile cyber offense.” In other words, no
matter how many attacks the United States will be able to repel in the
coming years, there will always be more on the way. “You beat me 99 times, I
will come after you 100 times," he said, "beat me 999 times, I will come
after you 1000 times, and we will beat you.”

Another panelist, Ed Mueller, who serves as Chairman of The President's
National Security Telecommunications Advisory Committee added that while the
United States has “made a big push over the last several years to become
more tactical” when it comes to thwarting cyber attacks, the government
needs to continue to innovate, and that “this bridge between private
[industry] and public [government]  is absolutely essential.”

True enough, but when you look at the way the government—and the military in
particular—is approaching the issue, the sheer volume of different offices
and cyber commands not only confounds, but overwhelms. Just look at the
participants of the final panel of the day, complete with their job titles
as printed in the conference’s schedule:

Maj Gen. Suzanne Vautrinot, USAF - Director of Plans & Policy (J5) U.S.
Cyber Command (USCYBERCOM);

Maj Gen George Allen, USMC, Deputy Director, Marine Corps Forces Cyber
Command (MARFORCYBER), & Director, Command, Control, Communications &
Computers (C4)  & CIO;

RDML Robert E. Day, Jr., USCG Director, Coast Guard Cyber Command;

Brig. Gen. Greg Brundidge, USAF Director, Communications & Information (J6)
& Deputy Director for Cyber, EUCOM Plans & Ops Center (EPOC) U.S. European
Command (USEUCOM);

COL (Promotable) Mark R. Quantock, U.S. Army, Nominated for Director of
Operations (G-3), Army Forces Cyber Command (ARFORCYBER)

Given the pervasive nature of the threat, it's heartening to see each
service branch taking the problem so seriously. Conversely, one  wonders how
all of these different Cyber commands are going to coalesce into one big,
happy family under USCYBERCOM.

Even discussing the problem is complcated. The new Cyber Command’s director
of plans and policy, Maj. Gen. Vautrinot, flat out said that “nobody here
has one job,” since those tasked with heading up their services’ cyber
operations are “dual-hatted” to Cyber Command. Brig. Gen. Gregory Brundidge
added that the services have to “harmonize” their efforts, and quickly. He
mentioned that when he was deployed to Iraq, the services “were fighting to
get information because everyone was reporting up through their own
services. If there is one lesson we’ve learned over the years, it’s that
anything that brings our efforts closer together and harmonizes things is
going to get us much farther along in our journey…what we’re all grappling
with today is how … we bring all these things together that we have created
in our own cocoons,” he said.

While it sounded like everyone involved recognizes the problems created by
so many commands trying to report up though the chain to USCYBERCOM, no one
was able to offer any ideas as to how this will actually happen in practice.
One wonders if, at this point, such a thing is even possible.