Maj. Gen. Jennifer Napper, USA, director of plans and policy, U.S. Cyber Command, and other panelists at the AFCEA International Cyber Symposium in Baltimore said that cyber requires cooperation across the U.S. government, with the private sector and with other nations, including China and Russia.
Gen. Napper cited her decade of experience working with international partners on a variety of projects, plans, initiatives and operations. “While we’ve made great progress in many areas, there’s always room for more improvement. This is especially true in the area of operations in and through cyberspace. This more than any other area must be a team sport,” she said.
She offered three distinct reasons for saying that. Cyberspace includes three layers—physical, virtual and the personas. Additionally, “Whatever we talked about last year, that terminology is now seen as legacy, and that’s been true every year for the last three years in cyberspace. We clearly need to come to a common lexicon, and it has to be common not only in this country but internationally,” she declared. The third reason is that pieces and parts of the infrastructure are owned by the military services, other government agencies and private companies.
Thomas Dukes, deputy coordinator for cyber issues, U.S. State Department, said that the cyber strategy released two years set a precedent. “That was really the first time any country had done something like this, to lay out a vision for the future of cyberspace. That vision is pretty simple. We want to have open, interoperable, secure and reliable cyberspace,” Dukes explained. Achieving the vision, he added, requires cooperation across the government, with the private sector and with other nations.
Many countries followed the U.S. example, releasing cyber strategies of their own.
U.S. government officials are traveling the country warning companies about a new round of cyberattacks that have targeted 27 companies, compromised seven and may ultimately affect up to 600 asset owners, according to Neil Hershfield, deputy director, control systems security program (CSSP), Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT), Homeland Security Department.
Hershfield made the comments while taking part in a critical infrastructure protection panel discussion as part of the July 25-27 AFCEA International Cyber Symposium, Baltimore.
“The reason we’re out and about across the country is that we’re seeing a new adversary taking a new approach—rather than spearphishing, they are going after vulnerabilities with [structured query language] injections, and they’re then trying to get across the networks as fast as they can as broadly as they can,” Hershfeld reported. “We’ve been working with our intelligence community partners on this and we’re now going around the country letting people know about it. We basically do this jointly with the FBI, with field offices across the country. When we’re done, we’ll probably talk to 500-600 asset owners.”
Getting the word out is crucial because “the mitigation strategy here for this kind of exploit is significantly different than what you might use in other cases,” he added.
Hershfield is part of an industrial control systems working group, a public-private partnership that is co-led by one person from the private sector and another from the government sector. The group typically meets in-person twice a year, sharing information between the public and private sectors.
The United States will continue to develop a bilateral relationship with China regarding cybersecurity issues. In fact, the two countries will meet again in Washington, D.C., on July 8th, according to Maj. Gen. John Davis, USA, senior military advisor to the undersecretary of defense—policy for cyber, Office of the Secretary of Defense. Gen. Davis, the luncheon keynote speaker on the first day of the July 24-27 AFCEA International Cyber Symposium in Baltimore, said the United States recognizes China as a rising power and a major voice in the cyber arena.
High-ranking officials from State Department, Defense Department and other agencies, have been engaged in bilateral, multi-lateral and international forums such as the United Nations and NATO. “As an example, of a critical bilateral relationship, I had the great honor to travel to China twice in the last year and engage as part of a collective U.S. academic and government interagency forum with counterpart Chinese academic and government organizations,” Gen. Davis said.
“U.S. senior government officials across the agencies have been actively engaging their Chinese government counterparts, including the People’s Liberation Army, in a number of ways already, and we would like to see those engagements expand,” Gen. Davis reported. “I had the opportunity to personally encourage a more direct military-to-military relationship with China in a serious effort to help our two nation’s militaries better understand each other, to reduce misconceptions, to reduce misinterpretations and ultimately, to reduce the chance of mistakes that can happen in cyberspace and perhaps spill over into the physical domains.”