Quote of the Day:
“Cyberspace mirrors the maritime world both in the way it serves us and in the peril it brings.”—Rear Adm. Danilo M. Cortez, AFP, acting flag officer in command, Philippine Navy
After two days of “what” and “why,” the third and final day of TechNet Asia-Pacific 2010 largely examined the “how” of cyber security. Diverse speakers from regions spanning half the globe agreed on many points, but the unique and contradictory ideas that emerged illustrated the differences of opinion rife in the dynamic realm.
Rear Adm. David Glenn, USCG, U.S. Cyber Command J-6, offers some solutions to cyberspace challenges on the final day of TechNet Asia-Pacific 2010.
A panel that included high-ranking officers from the U.S. Pacific Command (PACOM) offered a host of suggestions to master cyberspace. Brig Gen. Brett Williams, USAF, PACOM J-6, stated that defense, not offense, is the dominant mission in cyberspace. The U.S. military does not have the capability to guarantee its ability to operate by using offensive measures. Instead, the military needs to ensure that it can have the necessary defense to operate firmly in that domain.
“Networks will always be vulnerable—disconnecting is not an option, we must fight through the attack,” he said.
And, successful network defense will require broad teamwork. “You don’t deter a cyber event with other cyber action–you deter with the full strength of national action,” the general declared. “it’s bad to pigeonhole cyber in this area.”
That defense must become more active. Rear Adm. William E. Leigher, USN, deputy commander, U.S. Fleet Cyber Command/10th Fleet, noted that cyber predominantly is a defensive domain. In the 1990s, a structure was set up in which a computer emergency response team waits for something to happen, then patches it and waits for the next incident to happen. “Can you imagine doing ASW [antisubmarine warfare] that way?” he suggested. “We have not ever demonstrated the inherent right of self defense in cyberspace,” the admiral declared.
Rear Adm. Scott H. Swift, USN, PACOM J-3, stated that the military still does not think of cyber as a warfighting system. it is as important as any other element of battle, such as tanks and aircraft, he added, and it should be thought of accordingly.
Continuing the analogy, he noted that weapon systems have both a trigger and a safety. He said he is comfortable if someone else owns the cyberspace safety; but he wants his boss to hold the trigger because its use might have unintended consequences, and his boss is the one whose judgment he trusts most.
For warfighters and commanders to have the cyber elements and systems that they need, they must interoperate better with the technologists who are designing them. Gen. Williams charged that a huge chasm exists between cyber operators and the technical community. Operators often do not understand the technical language of the systems that are being designed for them. As a result, they are not able to effectively input design advice, and they often are faced with the challenge of adapting a system to suit their needs.
Conversely, technicians often do not fully understand operators’ needs, he added. Both need to reach out to the other group to begin system design with a better understanding of everyone’s points of view. Gen. Williams suggested that operators learn about cyber systems in the same manner that pilots learn about their aircraft before they set foot in them to fly.
For dealing with broader cyber acquisition issues, Adm. Leigher recommended the creation of a cyber acquisition force. Characteristics of cyberspace are greatly different than those of the platform world, especially the pace of change. He noted that the military buys carriers from a limited number of shipyards, but it buys information technology from many sources, which calls for a new way of doing business.
Differing from an opinion offered the day before was Rear Adm. David Glenn, USCG, U.S. Cyber Command J-6 who spoke at the Thursday breakfast. Where a Defense Information Systems Agency (DISA) official had suggested the elimination of the services’ network operation and support centers (NOSCs), Adm. Glenn offered that NOSCs still could serve a role. He suggested consolidating the number of NOSCs down to five. Each service then would be the executive agent for a NOSC.
Adm. Glenn endorsed the concept of security through simplification. He stated that offering an adversary fewer ways of penetrating a network also would simplify security measures and responses. These types of measures will reduce attack surfaces and allow for rapid re-configuration when an attack occurs,
“We need to simplify GIG [Global Information Grid] architecture, reduce and simplify our networks, and reduce the hundreds of security enclaves down to one,” he said.
Currently, most cyberthreat activity involves stealing data rather than corrupting it, the admiral stated. However, both kinetic and non-kinetic threats could disrupt or even destroy GIG systems.
The admiral called for better agility, possibly through virtualization of servers, routers and switches. The Cyber Command is going thin client so that the command’s few remaining enclaves can go to a single desktop, he reported.
Securing cyberspace may require new concepts of supporting and supportive command in the cyber arena. One strong solution might be the establishment of a cyber joint operating area, or JOA, Adm. Glenn suggested. Figuring out that JOA will be the hard part, he added.
Adm. Glenn agreed with the concept of a more active cyber defense. He noted that the Cyber Command will need to look at computer network defense in a fundamentally different way—away from a passive to a dynamic approach.
While the United States fights for cyberspace security across a broad front, other nations may be engaged in more limited challenges. Rear Adm. Danilo M. Cortez, AFP acting flag officer in command, Philippine Navy, compared the challenge of cyberspace to that of his command, his country’s navy.
“Cyberspace mirrors the maritime world both in the way it serves us and in the peril it brings,” the admiral told Thursday’s luncheon audience.
Adm. Cortez described how the Philippines is incorporating a new interagency maritime security architecture that comprises three components: command and control, surveillance and response. It is building this architecture with assistance from two of its key allies, Australia and the United States.
The admiral observed that, like water, cyberspace observes no borders. Just as his island nation sits astride key maritime trade routes, so does it face diverse challenges in maritime command and control as well as in cyberspace.
Plan now to attend TechNet Asia-Pacific 2011, to be held November 1-3 in Honolulu, Hawaii.