The U.S. military is unified in the goal of protecting their networks as a warfare domain, but a lot of work remains to be done, particularly in providing everyone with the skills needed to protect against cyber threats.
Lt. Gen. William Bender, Chief, Information Dominance and CIO for the Office of the Secretary of the Air Force, told the audience at AFCEA’s Defensive Cyber Ops Symposium, held in late April in Washington, D.C., that getting the Defense Department’s IT house in order “begs for an enterprise view, [an opinion] shared increasingly by all my counterparts in the E-Ring … There’s nothing short of a workforce transformation taking place.” Bender said the Air Force is looking to “operationalize” CIO functions, as a means of furthering its capabilities for cyber war.
The U.S. Marine Corps is coming out of a 10- to 12-year period spent in an unfamiliar environment – a land war – said Ken Bible, Deputy Director, C4, and Deputy CIO of the service. The expeditionary force was “on the hairy edge where all you’ve got is a radio,” he said. But the technological developments created “some very interesting platforms they’re using to get out to the edge.”
However, as has often been the case, the challenge for DOD is how to improve the acquisition system to bring these new capabilities into the military.
“The system is operating as designed, so how do you change the system?” Bender said. “How do we budget? Is there a flexible budget? Can things be a little more … fluid? The systems integrator model [is] very risk averse – how [do we] do low barriers to entry, low barriers to exit in contract vehicles?”
The CIOs agreed that DoD is committed to the Joint Information Environment, though challenges to implementing it are varied.
“If you’re talking about a single security architecture, [that’s] complex, there are challenges, but not a migration problem per se,” Bender said. “The larger issue is command and control of that.”
Bible said JIE “has turned out to be a good thing in terms of developing relationships” between the CIOs and cybersecurity personnel.
A second panel of speakers, drawing from combatant commands, said the military’s cyber capabilities are only going to get stronger as services expand their focus beyond protecting networks to include weapons systems, platforms, and infrastructure.
Rear Adm. Dwight Shepherd, Director of Cyberspace Operations/J6, US Northern Command/NORAD, suggested DoD has to undertake more modeling and simulation, one way to explore different methods of protecting cyber assets.
“Cyber [Command] in general and, broadly, cyber operations across the department is maturing rapidly,” said Lt. Gen. James Kevin McLaughlin, Deputy Commander, US Cyber Command. “We continue making progress, [from] a build focus, getting people in place, to a readiness focus, the ability to use the force.”
Maj. Gen. Sandra Finan, Deputy CIO, C4 and Information Infrastructure Capabilities, DoD CIO, said CIO Halvorsen’s office is developing the first department-level issuance for satellite communications (satcom). She suggested that DoD needs a new domain – for electromagnetic spectrum.
“We tell everyone where we are [on the spectrum], so everyone knows where to attack us to take out that capability,” Finan said. She suggested that advanced technologies are needed for radio, computer, and radar networks that, if signal jamming is detected, the networks can automatically move to another frequency.
“Information superiority on the field of conflict [is] dependent on widespread use of hardware and software, [but our] superiority in electronics is severely challenged. At the tactical edge, our warfighters need uninterrupted communications … in a contested, congested, and competitive electronic environment,” she said. “[We must] develop and exploit technologies to use electromagnetic spectrum to the fullest.”
John Wilcox, Director, Communications Systems/J6 and CIO, US Special Operations Command, agreed. “One of SOCOM’s biggest needs is [that] many fighters at the tip of the spear have limited bandwidth,” he said.
As in the earlier panel, the speakers said there are a lot of unknowns and unanswered questions about command and control in the cyber realm.
“The reality today is that problems often span four, five, six combatant commands [in] multiple regions,” McLaughlin said. “Do all the participants have the right level of control and the structure that allows collaboration” and the ability to assess risks across these multiple arenas?
He suggested that there has to be a level of cooperation and collaboration, but that all the combatant commands have unique characteristics, resources, and threats. Adm. Michael Rogers, the commander for USCYBERCOM, “has the authority to direct cyber operations across DoD,” he said.