Cyber Command moves into uncharted territory
Cross-military collaboration, private-sector input are keys to success
- By Kevin Coleman
- Jul 13, 2010
Now that the Defense Department has officially established the Cyber Command and named Gen. Keith Alexander as its head, the command staff’s collective attention is turning to defining how U.S. defense forces should operate in the cyber environment.
Historically, operational strategies and tactical planning look to the past. But this time is different. We have very little empirical knowledge about strategies and tactics in cyber warfare. We have an abundance of data from cyberattacks, a fair amount of data on the software and hardware used as mechanisms of attack, but little data related to the processes, tactics and strategies of cyber conflict. So the cyberspace problem has forced militaries around the world to deviate from traditional planning efforts and take a different approach: cross-military collaboration with input from the private sector.
Unlike in conventional conflict in which the military can operate autonomously, the world of cyberspace is the result of commercialization activities that the private sector started. I am sure everyone remembers commercial-off-the-shelf technology, which was an initiative to cut military costs by using commercial products for military applications rather than products that were tailored to specific military applications. In addition, the private sector owns or operates 80 to 85 percent of our nation’s critical infrastructure, so industry must be included in these discussions.
A cross-functional group was recently called together to deal with military operations in cyberspace. The group members brought different expertise from the military and private sector, and they all collaborated toward a common goal. This was a group of heavy hitters that included rear admirals, brigadier generals, one major general, a Cyber Command representative and subject-matter experts from industry. Even the hacker community had a place in this effort. During two and a half days, the group members split into working groups and received specific assignments and objectives. What struck me was the all but absent integration of critical private-sector infrastructure entities and the discussion about responding to attacks on the private-sector infrastructure used by DOD andmilitary services. The only exception was the Air Force program. It included all branches of the military in addition to the intelligence community — and actually included private-sector participation.
The output of those working groups will likely influence the directorate that shapes education and required skills for U.S. military forces. It also will impact operational briefings on training at the national leadership level. The recommendations as delivered would have direct effects on the cyber warfighting commanders and the National Command Authority, and they also might influence the National Security Doctrine. Once completed, each working group would deliver a summary to a high-ranking officer from the Strategic Command. For security reasons, it is not possible to discuss the details of the operational planning exercises or operational recommendations that the working groups produced. However, the integration of private industry with the senior level military staff signals a realization that neither side can deal with the ever-growing threats we face in cyberspace alone. All sides brought ideas worth sharing and were open to the criticisms and recommendations made by their counterparts.
It appears a new era is upon us. It is one of collaboration among the military, federal agencies and industry. The problems that surround boosting offensive and defensive cyber capabilities and defending our critical infrastructure from cyber terrorists, criminal organizations and rogue nations are so numerous and complex that it will take the best and brightest people that our nation has, regardless of affiliation — and even then, it will be a great challenge.
Kevin Coleman is a senior fellow with the Technolytics Institute, former chief strategist at Netscape, and an adviser on cyber warfare and security. He is also the author of "Cyber Commander's Handbook." He can be reached by e-mail at: firstname.lastname@example.org.