[Infowarrior] - Control Of Cyberwarfare

[Richard Forno]

Stars and Stripes
April 30, 2013 

Control Of Cyberwarfare

http://www.stripes.com/should-cyber-warfare-be-elevated-to-highest-command-structure-1.218776

Move to Make CYBERCOM Its Own Command Under Review

By Chris Carroll, Stars and Stripes

WASHINGTON ‹ To former Defense Secretary Leon Panetta, the threat of
cyberattack was a potential Pearl Harbor and 9/11 rolled into one, an event
terrorists or foreign adversaries could create, he said, to ³paralyze the
nation.²

Defense Secretary Chuck Hagel¹s rhetoric is cooler, but still he calls the
threat of computer network attacks nothing less than ³the greatest threat to
our security.²

Over the last year, both secretaries have considered pulling the military
command responsible for countering such threats ‹ U.S. Cyber Command ‹ out
from under U.S. Strategic Command and making it a unified combatant command.
That would put CYBERCOM on equal footing with the six regional combatant
commands, as well as functional unified commands established to oversee
special operations, nuclear deterrence operations and global transportation.

Many experts say the move would make sense, cementing cyber warfare as a
focal point of the Defense Department¹s 21st-century national security
responsibilities. Supporters say the new unified command would become an
integral part of global operations, as Special Operations Command has done
since its activation in 1987.

Others suggest that once the current wave of cyber enthusiasm passes, a
top-level Cyber Command could lose steam and end up like U.S. Space Command.
It was created in 1985 amid planning for the Strategic Defense Initiative,
and disestablished in 2002 when, as one expert said, ³it turned out as a
domain, space isn¹t as cool as we thought.²

For now, Chairmen of the Joint Chiefs of Staff Gen. Martin Dempsey seems to
be on the side of the naysayers, recently telling the Senate Armed Services
committee that while an independent CYBERCOM might make sense in several
years, ³we just aren¹t there yet.²

Hagel¹s take on the matter, and ultimately President Barack Obama¹s, will
trump Dempsey¹s opinion, however, and the Pentagon said the matter is still
under review.

³On a number of occasions the Secretary and the Chairman have discussed
their concerns about the growth of cyber threats and the need to ensure DoD
is organized, trained and equipped to address these threats,² Pentagon
spokesman Lt. Col. Damien Pickart said in a written statement to Stars and
Stripes. ³While the Joint Staff has been examining different command
options, including maintaining the status quo, the Secretary has not made a
decision at this time on whether to recommend a change to the President.²

The cost of elevating Cyber Command is one of the questions Hagel and the
Pentagon brass must weigh carefully, said Jason Healey, a former Air Force
cyber warrior and director of the Cyber Statecraft Initiative at the
Atlantic Council, a Washington think tank.

³With sequestration and the military pulling back in so many areas, how do
you justify it?² Healey said. ³The amount of senior leader attention and
budget that would go into creating another command is highly questionable.²

Before any move to set up a unified CYBERCOM, Congress wants to know the
costs in advance, legislators told the Pentagon in the 2013 National Defense
Authorization Act. Even a modest cost could be swimming against the tide,
with budgets contracting and fresh memories of another unified combatant
command ‹ U.S. Joint Forces Command, with a nearly $1 billion yearly budget
‹ eliminated in 2011 as a cost-saving measure.

Healey, a founding member of the U.S. military¹s first joint cyberwarfare
command in the late 1990s ‹ a precursor to the current Cyber Command ‹ said
there may be a dawning realization that creating a large new bureaucracy
won¹t solve the Pentagon¹s most basic cyber problem: sloppy and incomplete
defenses across the many networks of the sprawling department.

³Since 1998, we¹ve changed command structures every three years or so but,
but we suffer the same problems as [we did] then,² he said.

But another cyber expert said it¹s a ³natural step,²to promote Cyber Command
to a unified combatant command. Previous attempts to establish a joint cyber
operations command haven¹t been fully satisfactory, possibly because the
commands haven¹t held enough power, said James Lewis, senior fellow at the
Center for Strategic and International studies.

³The United States typically has to experiment with different structures to
park a new function; sometimes it¹s in a service, and sometimes it¹s a
command,² he said. ³Cyber is going through that right now as we figure out
how to organize ourselves.²

One of the factors holding up the elevation of Cyber Command could be its
current close association the National Security Agency, charged with foreign
electronic spying. Both agencies are led by Army Gen. Keith Alexander, and
based at Fort Meade, Md.

The close association with the NSA gives Cyber Command a ³black magic² aura
and makes it harder to explain its straightforward, though often classified,
military role to Congress and some in the private sector, said John
Bumgarner, chief technical officer at the U.S. Cyber Consequences Unit, a
nonprofit research organization, as well as a former Army cyberwarrior
attached to special operations command.

Congress has similar misgivings. In the 2013 defense spending bill, it
singled out the uncertain lines between the military and intelligence
communities when it comes to cyber. Congress said it wanted an explanation
from the Pentagon of ³how a single individual could serve as a commander of
a combatant command that conducts overt, though clandestine, cyber
operations under Title 10, United States Code, and serve as the head of an
element of the intelligence community that conducts covert cyber operations
under the National Security Act of 1947.²

Several observers who asked not to be named said that while the Pentagon
values the utility of having CYBERCOM attached to an agency with the
capabilities of the NSA, many in Congress are uncomfortable with the
arrangement. The elevation ‹ and potential separation of the two entities ‹
may occur after Alexander¹s retirement.

³The pressure certainly exists to have this as an independent command,
perhaps within the next year,² a Washington analyst said. ³But a lot of this
could depend on who is in charge, who is in office, and what the structure
is.²

Ian Wallace, a visiting fellow in cybersecurity at the Brookings
Institution, a Washington think tank, said cyber is likely to be elevated in
coming years, but that there would remain a number of crucial issues to sort
out.

How would the service branches and the other combatant commands operate
together with the newly elevated CYBERCOM? What level of capability will the
new command have, and how much of the various services¹ current cyber
capability will it pull under its wing?

What ties the questions together, said Wallace, a former cybersecurity
official for the United Kingdom¹s Ministry of Defense, is that they would be
easier to answer if CYBERCOM were promoted to an independent command.

³It would be more efficient to have those discussions with a strong
combatant commander at the center than to have them as a sub-unified
command,² he said.


---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.