DOD also needs to take account of its infrastructure and develop the ability to respond quickly to attacks, Marine Lt. Gen. Jon M. Davis says.
If the Defense Department wants to improve cybersecurity it needs to get a handle on its IT infrastructure and start treating it more like a weapons system, the U.S. Cyber Command’s former deputy commander said this week.
Speaking at AFCEA NOVA’s Navy IT Day on June 11, Marine Corps Lt. Gen. Jon M. Davis, who finished a two-year stint as deputy commander this month, highlighted several areas that the Cyber Command has been working to improve.
First is the overall defense architecture. The Defense Department’s networks were not designed to be plug-and-play, and tended to be modified by officers without any specific blueprints in mind. The end result is that the networks could not be easily mapped.
“I’ll tell you right now that the architecture that we have right now is not defensible,” Davis said. DOD can’t map its networks or boundaries because managers don’t know where they are – networks come from different vendors with different equipment and were never designed to be integrated, he said.
Part of the problem is that the architecture is being treated as IT rather than as a weapons system -- DOD is working on how to change perceptions of cybersecurity and cyber warfare. Users will have to begin to view networks with as much importance as they do weapons, especially as warfighting capabilities and technology increasingly depend on these networks.
This means that standards for dealing with network mishaps may have to change.
“We’re also going to start holding people accountable for how they operate that weapon system,” said Davis. “If I am a Marine three-star lieutenant general and I lose my pistol, I’ll get run out of the Marine Corps, publically. If I am a Marine three-star that loses a thumb drive, well it’s just IT… we’re going to start treating this like a weapon system.”
DOD has also made improvements to its operational concept of cyber warfare, focusing on joint requirements first and building combatant command capabilities that will ultimately flow down to the service components, Davis said. This includes training for combatant commanders so that they know what to ask for in order to solve problems.
Global situational awareness remains an issue for the Cyber Command, especially in terms of protecting strategic national infrastructure. While the DOD’s networks have sensors and can detect attacks or malicious actions, the networks of critical infrastructure remain off the radar.
“I think that there is a need for the nation to realize the nature of cyberspace and to basically have cyber legislation that’s out there so that we are able share stuff faster than a phone call -- to be able to see, be able to react to it very, very quickly, at light speed if at all possible,” said Davis
To deal with attacks on non-military targets, the Cyber Command also been discussing DOD’s authority to act in defense of the nation. The scope of DOD’s cyber efforts may continue to grow in the future, as foreign military cyber threats continue to affect private businesses. Industry will have to continue to assume responsibility for its own networks, but policing actions and international norms will also have to be used to deter malicious actors.
To determine when these policing actions can be done, DOD has been conducting exercises that simulate the amount of time national decision-makers will have to make in order to avoid the effects of denial-of-service or malware attacks.
“The bottom line is, we want the authority, if these conditions are met, to act,” Davis said. “And so what we’re doing is we’re basically exercising, developing capabilities to stop something like that if the nation wants us to stop that. The president of the United States would have the authority to tell us to go do that. So what we’re building for our nation is exactly that – the capability to do something about an incident.”
The final area the command has been developing is trained cyber teams. The teams now include national mission teams that are focused abroad, combat mission teams that support combatant commands, and cyber protection teams that maintain cyber defense.
As budgets continue to become more constrained, the Cyber Command will be continuing to focus on human capital and training in order to build these teams.