Cyberspace

Many recognize that our existing organizational and acquisition models can't respond quickly enough to meet the cyber challenge. Why not establish a neutral entity to act as an impartial system integrator that collaborates global efforts and resources to anticipate and defend against our cyber adversaries?

Not everyone can step into the cockpit of an aircraft, but training allows U.S. Air Force officers and airmen from all backgrounds to get on the Internet and defend threatened networks.

The key to providing greatly enhanced cyber security may be at hand, but it may also eliminate one of the Internet's greatest characteristics, and a middle ground may be hard to achieve. Carter Bullard, president and chief executive officer, QoSient, told the audience at a MILCOM 2010 Wednesday afternoon panel on cyber security that technologies are needed for three elements-attribution, mitigation and deterrence. Attaining attribution and mitigation will lead to deterrence, he maintained. A key means of attribution is non-repudiation, which he described as having the potential to go after the entire threat matrix. This discipline would provide comprehensive accountability that prevents any interloper from concealing that they attacked, thus creating the concept that a hacker can get caught. Bullard bemoaned the fact that no one is building technology for non-repudiation, calling it "the most misunderstood countermeasure." However, one of his fellow panelists raised an alarm about its incorporation. Elliot Proebstel, on the technical staff of Sandia National Laboratories, warned that building in non-repudiation might threaten valued Internet freedoms. The existing anonymity that every Internet user takes for granted might disappear as every user could be identified. This would be a boon to dictatorships that seek to identify and stifle Internet users opposed to their regimes, he offered.

Thoreau's words increasingly apply to securing cyberspace.

The United States has air supremacy; why not cyberspace supremacy?

The United States may need a "dot-secure" cyber realm to protect vital infrastructure elements such as banking.

"The focus now is on computers over comms, and that's a problem."

The medium literally is the message in Pacific Command operations, as network situational awareness may be the determining factor in the success of future operations. Adm. Robert F. Willard, USN, commander of the U.S. Pacific Command, warned that U.S. military capabilities in this area are strongly lacking. "In command and control, you can't control what you can't see, and you must be able to control everything in these domains," Adm. Willard said. Speaking at TechNet Asia-Pacific 2010, Adm. Willard related that recent Pacific rim exercises illustrated the problem. The cyber element was set up weeks in advance, and it was supported to an unprecedented level by personnel from the newly established U.S. Cyber Command and from other organizations and industry. Yet, at best, experts had visibility into only 50 percent of cyberspace. Worse, leadership had the ability to sense and command in only 10 percent. "You can't command and control that domain unless you can see into it, sense inside it and control it," the admiral reiterated. Often the challenges of network situational awareness overwhelm those tasked with managing it, he continued. "Many people have such a profound sense of complexity about it that they almost give up. But we can't give up," he emphasized.

PACOM has the overarching responsibility for ensuring security in the Asia-Pacific region. The organization's commander offers that if PACOM can get its five focus areas right, it will have achieved its goals and enable it to focus on other challenges. What's the ideal future scenario? Read the complete interview and share your input.

This month, Linton Wells II drew his inspiration for Mission Assurance Moves to the Fore in Cyberspace from Deputy Secretary of Defense William J. Lynn III's recently published article, Defending a New Domain: The Pentagon's Cyberstrategy. Wells summarizes Lynn's strategy points, noting that taken on a whole they have a broader implication than just cyberdefense. It has more to do with mission assurance, he says. But he has a number of concerns, among them: how will the new cyberstrategy be implemented? And how can the private sector do a better job of meeting its requirements?