Twitter Facebook Google RSS
 
National Defense > Blog > Posts > NSA Chief: Military Not Organized for Cyber Warfare
NSA Chief: Military Not Organized for Cyber Warfare
By Sandra I. Erwin



The U.S. military's hidebound culture and outdated procurement system are slowing down efforts to improve cyber defenses against increasingly sophisticated network attacks, said Navy Adm. Michael S. Rogers, director of the National Security Agency and head of U.S. Cyber Command.

The Pentagon created the cyber command four years ago to prepare to wage war against hackers and foreign spies. It has a $500 million annual budget and a sprawling campus on Fort Meade, Maryland. Its ability to protect Defense Department networks is limited, however, by the military's disjointed organization and outdated attitudes about information technology, Rogers said June 12.

"Our greater challenge is not technology but organization," he told a conference of the Association of the U.S. Army, in Arlington, Virginia.

The Pentagon by some estimates operates 15,000 networks across the Defense Department and the military services. Each branch of the military buys and manages its own systems. Of most concern to Rogers is that cyber security tends to be put on the back burner.

"Military commanders must 'own' cyber," said Rogers. "Networks and cyber [should be] the commanders' business."

In his previous job as head of the Navy's cyber fleet, Rogers was frustrated by a culture where information networks are relegated to the technical support staff, rather than viewed as a command priority. As cyber attacks become more pervasive and intractable, "our ability to integrate cyber into a broader operational concept is going to be key," he said. Now, "we treat cyber as something so specialized, so different, so unique, that resides outside the operational framework."

Commanders operate under the "flawed" notion that they can turn over network responsibilities to the unit's information technology experts, said Rogers. "Commanders have to own this mission and integrate it into operations." Senior officers ought to be as knowledgeable about a unit's network capabilities and potential vulnerabilities as they would be about its fuel and ammunition supplies, he added. "The challenge to that is as much cultural as it is technical."

The military, indeed, needs advanced technologies to build stronger cyber defenses, said Rogers. But a disjointed procurement system makes that difficult. The Defense Department today, he said, cannot "synchronize our capabilities as a team."

The Pentagon must build a "joint network backbone," he said. "I never understood why the services each spend money creating, maintaining, building and operating a global communications backbone. We do it independently. It makes no sense to me. It is inefficient. It does not lead to an integrated approach to problem solving," he added. "We need a joint framework." Each service could still address its own needs for the "last tactical mile."

The Defense Department last year launched a network integration effort, called "joint information environment," to help protect systems from cyber attacks. Rogers does not see any easy fixes to this problem other than a "fundamental change in how we do acquisitions." Networks are not viewed as "war fighting platforms," he said. "We generally turn to our CIO and tell them to go build a network. ... We don't entwine acquisition and operations."

Rogers also called on the military services to beef up their in-house talent. "We need to create a workforce that understands the vision, has the tools and capabilities to execute the vision," he said. "We, the Defense Department, are not on the cutting edge when it comes to networks, and information technology. ... We need to build a trained and ready operational cyber force."

Cyber Command wants to "partner" with the services because it cannot do its job without their cooperation, he said. "It makes no sense to develop some joint vision and jam it down the throats of our services. I tell the services that we are doing this as one team."
Future networks, said Rogers, not only must be joint, but also "defensible ... with an architecture in which defensibility, resiliency and redundancy are core design characteristics. ... I can't say that about current networks."

For Cyber Command, it can be daunting to have to defend networks that it cannot "see," said Rogers. "We have got to create shared situational awareness. It is awfully hard to operate — whether on the offensive or defensive side — in an environment where you cannot see the environment where you operate." Military commanders have "tactical operations centers" where they can follow events in real time. "We don't have that in the cyber world. We have to create that. It's hard to be agile when you can't visualize what you're doing."

Rogers' criticism of military culture echoes the argument made by his predecessor, now retired Army Gen. Keith Alexander. In one of his first public speeches as incoming Cyber Command chief in June 2010, Alexander complained that the command lacked visibility into the Defense Department's networks, which limited its capacity to prevent attacks. He said Cyber Command only becomes aware of intrusions after they happen, and then reacts to the events, because it has little “situational awareness." He suggested the command could not do its job without a "common operating picture." In maneuver warfare, military commanders on the battlefield need situational awareness so they can pinpoint the location of the enemy and try to anticipate what it might do. In cyberspace, the military has no such capability.

Rogers said Cyber Command is preparing for cyber warfare as it also deals with thorny policy issues. His dual-hat role as chief of the NSA and Cyber Command puts Rogers at the center of a growing firestorm over domestic spying and privacy rights. "We need to be mindful of policy and administrative changes to apply these capabilities," he said. "What legal frameworks do we need to execute this mission? Technology has moved much faster than our policy."

Credit:
Adm. Michael S. Rogers (Navy photo)

Comments

Re: NSA Chief: Military Not Organized for Cyber Warfare

Admiral/NSA/Cyber Command/Sandra, Hi,

The problem and enigmatic dilemma that Uncle Sam needs to grasp and resolve, rather than constantly ignore and consistently avoid, in order to even begin to try and be effective in the Cyber Realm and ITs Live Operational Virtual Environments, is revealed in this post ...... http://www.amanfrommars.blogspot.co.uk/2014/06/140615.html

Deny its truth if you will, but defense of the indefensible and inequitable is that which destroys with increasingly rapid certainty, all such systems, and nowadays is highly focussed personnel targeting of prime sub-prime movers and shakers of those systems, the means of delivering required change.

But such is just a refinement of the old system way of doing things, which first degrades and destroys command and control forces before engaging further on a shocking awful scale.

Uncle Sam serves the wrong master and attempts to preserve a corrupt system of virtually remote anonymous global administration with ponzi paper ...... fools' gold wealth which is easily manipulated and created but does have to be distributed to those with a much better idea as to how to spend it creatively to be successful and lauded.
amanfromMars at 6/16/2014 12:35 AM

Add Comment

Items on this list require content approval. Your submission will not appear in public views until approved by someone with proper rights. More information on content approval.

Name: *

eMail *

Comment *

Title

Attachments

Name: *


eMail *


Comment *


 

Refresh
Please enter the text displayed in the image.
The picture contains 6 characters.

Characters *

  

Legal Notice *

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.

 

 

Bookmark and Share