Quote of the Day:
“Fundamentally, the network’s core is rotten. It’s optimized for criminal activities.”—Marcus H. Sachs, executive director of government affairs for national security and cyber policy, Verizon, describing cyberspace
The second and busiest day of TechNet Asia-Pacific 2010 featured warnings of national cyber catastrophes and assurances that the United States could dominate cyberspace.
Adm. Mike McConnell, USN (Ret.), executive vice president of Booz Allen Hamilton and former director of national intelligence, warns the TechNet Asia-Pacific 2010 plenary address audience of serious cyberspace threats.
The warnings came from diverse speakers, such as Adm. Mike McConnell, USN (Ret.), executive vice president of Booz Allen Hamilton and former director of national intelligence (DNI). In giving the Wednesday plenary address, Adm. McConnell warned that the United States faces the possibility of another catastrophic homeland attack, this time through cyberspace.
The admiral explained that the United States has a $14 billion economy. Two banks in New York move $7 billion in one single day. This money is not hard cash or gold, but instead data moving electronically, and those banks’ backup systems are interconnected. All that data vulnerable to cyberspace attack, and the results of a successful terror attack would be devastating.
Adm. McConnell shared with the audience how his concerns over the vulnerability of the banking sector date back to when he was named DNI by then-President George W. Bush. This type of attack can be prevented, and both the Bush and Obama administrations have taken some steps toward addressing it. However, preventing this potential disaster—which could happen tomorrow—will require a legal framework to empower necessary policies. This goal could be reached within a year if the government acts decisively.
Without that action, the admiral sees three potential scenarios developing in sequence: First, the country talks about what needs to be done, but never gets around to doing it. Then, as a consequence, the United States suffers a catastrophic event. Third, with history as a guide, the country overreacts.
Historical cycles have shown that major events that affect the public bring about a change in the role of government. Ultimately, the United States may end up developing a “dot-secure” cyber realm in which the vital infrastructure operates outside of public Internet access, he suggested.
In an afternoon panel focusing on the warfighter, Brig. Gen. Earl D. Matthews, USAF, director, command, control, communications and computer systems, U.S. Transportation Command, offered that the military needs to stop thinking of J-6s as systems people. They are defending the network every day, he pointed out, and as network defenders they also are intelligence producers. His command’s J-2 and J-6 are totally integrated in cyberspace, he said.
Gen. Matthews also noted that, as Defense Department network defense has improved, more attacks are taking place on contractors and on code developers. He called for a clear set of responsibilities to be defined for all players. People must be held legally responsible for their own piece of the net, the general declared.
Despite the day’s worth of warnings, one afternoon panelist did offer that the United States can—and should—establish cyber dominance in the same manner it has control of the air. Randall Cieslak, chief information officer, U.S. Pacific Command, said that the United States can achieve supremacy in cyberspace despite the advantages seemingly held by malevolent organizations and nations.
“We can achieve supremacy in cyberspace. We have it in SIPRNET [secret Internet protocol router network],” Cieslak stated. “I have confidence that the enemy cannot operate in it.”
He added that the military routinely shares information in domains that are secure without fear of interception. There is no reason that the U.S. military cannot take over part of the Internet and not allow anyone else to use it, he offered.
Cieslak did offer his own cautionary notes. While other panelists warned of cyber attacks that constituted “weapons of mass disruption,” Cieslak warned of cyber “weapons of mass deception.” In this scenario, data would be corrupted to the stemming from cyberspace failures.
An industry panelist in a morning session suggested that it may be time for the military to develop advanced cyber weapons. Richard Holzer, director of information assurance, Army Enterprise IT Solutions Sector, General Dynamics Information Technology, said that the United States may need to develop weapons for cyberspace as it does for land, sea and air.
One key to successful cyber operations will be the ability to develop coordinated responses. Holzer likened this to an infantry force calling in air support. New doctrines also must emerge for elements such as developing targeting information, for example. “We deploy covering fire before landing on a beach; how do we do that in cyberspace?” Holzer asked.
In addition to defining cyberspace policies, the nation may need to define cyberspace itself. Marcus H. Sachs, executive director of government affairs for national security and cyber policy, Verizon, told the morning panel that the nation still lacks a precise definition of cyberspace, and that definition may be vital to make necessary changes in that realm.
Sachs pointed out that cyberspace is the one basic operational environment that is man-made. Land, sea and air cannot be altered substantially; however, people built cyberspace and people can alter it to suit their needs. Unfortunately, he said, people seem all too willing just to accept cyberspace as it is without addressing their concerns.
“Fundamentally, the network’s core is rotten. It’s optimized for criminal activities,” Sachs said, adding that this was not the intent of the network designers in the 1970s.
“We must rethink what we want the network to be, and we must get past these old protocols,” he offered. “We need to write the rules. Right now, our adversaries are writing the rules.”
One way of rewriting the rules is to change the way networks are designed. Vince Lee, director of cyber systems, Oceanit Laboratories, called for cross-domain innovation in developing new networks. Existing networks largely consist of cookie cutter designs built around best practices, which is wonderful for those with malevolent intent. They know what they’re dealing with as networks have become too predictable, Lee stated.
One game change that the military may need to confront is the elimination of service network operation and support centers, or NOSCs. Maj. Gen. Ronnie D. Hawkins Jr., USAF, vice director, Defense Information Systems Agency (DISA), told the Wednesday breakfast audience that the service NOSCs must go so that DISA can work to eliminate stovepipes.
“We must get rid of service NOSCs; they are hindering our capability,” Gen. Hawkins declared, adding that he believes that any combatant command J-6 will say the same thing.
The general called for an even greater change that would begin with a change in terminology. He wants the military to stop using the term “network centric,” because it refers to ownership. Because cyberspace has no owner, the military instead should adopt the term “cyber centric” as it continues to exploit information technologies.
Thursday at TechNet Asia-Pacific 2010:
Addresses by U.S. Cyber Command J-6 Rear Adm. David Glenn, USCG, and Philippine Navy Acting Flag Officer in Command Rear Adm. Danilo M. Cortez, AFP, along with a panel discussion on command and control of cyber.