On the Cyber Edge of History
Policy, strategy and legislation align to counter the threat.
The United States faces a threat unlike any in its history. The cyber threat zips around the world at blinding speeds and continually transforms. It can neutralize billion-dollar weapon systems and leave entire cities in the dark. It also can be wielded by superpowers, smaller governments or criminal organizations. At the same time, however, legislation, strategies, policies, authorities and a vigorous spirit of cooperation across government and the international community are all aligning to meet that threat.
“For me, I believe we’re in a moment of history we’ve never been in. The cyber threat creates challenges because of the pace, the sophistication and the proliferation of those threats that emanate in and through cyberspace,” says Maj. Gen. Burke “Ed” Wilson, USAF (Ret.), deputy assistant secretary of defense for cyber policy in the Pentagon. “I’m challenged to find in history a problem set or a threat type that moves at the pace and with the sophistication and that proliferates as easily as what we’ve seen over the last 10 or 15 years.”
In addition to the proliferation, sophistication and pace of change, cyber has become ubiquitous within the military and daily life. “Cyber touches everything. It touches critical infrastructure and touches networks and systems that are being used by the department. It touches our weapon systems,” Gen. Wilson says. “To be able to operate all of that force structure in and through a contested environment in cyber is a big challenge. Most of those systems were not designed or fielded or even operated with those kinds of threats in mind.”
Officials have been working furiously across the department, government and the world to pull together all the elements needed to meet the unique threat. For example, the Defense Department has been improving cooperation with other countries in the cyber realm. “We’ve been out and about in Asia and Europe, beginning to work more closely with partners,” Gen. Wilson reports. “We’ve been conducting some defensive cyber operations with some of our partners in Europe. It’s the first time we’ve actually had teams on networks in Macedonia, Montenegro and Ukraine, for starters.”
The United States will likely continue to raise the bar on international cooperation, Gen. Wilson suggests. “We’re doing that bilaterally right now. I think there’s a good opportunity, especially with our strong partners, to begin to think about a multilateral environment. Those are the types of activities you’ll see us focused on in the months to come.”
In addition, last year the department completed the first-ever cyber posture review and a cyber strategy closely aligned with the White House strategy that allows a more aggressive stance in the cyber realm. “The strategy is what the department is committed to executing, and then the cyber posture review graded us on how we were going to execute that and identified gaps and seams,” Gen. Wilson explains. “The strategy is very proactive. We have definitely put a high mark on the wall with regard to what we need to achieve.”
The department is now putting the strategy into effect. That shift has been underway for several months, but the implementation phase will carry well into 2019.
Gen. Wilson cannot discuss the identified gaps because they are classified. “Suffice it to say there are plenty of gaps to work on. We’re hard at work addressing those and mitigating those to the best of our ability.”
Also last year, the Defense Department signed a memorandum of understanding with the Department of Homeland Security (DHS), which will enhance information sharing and allow the Defense Department to provide greater support for critical infrastructure protection, election security and a host of other missions.
The closer relationship between the two departments includes pathfinder projects with the finance and energy sectors, which are part of the critical infrastructure. For the first pathfinder, the Defense Department worked with the DHS and the Treasury Department to improve information sharing. “We finished the first effort and began to adjust based on some lessons to see if we could conduct the assistance more quickly and then lay the groundwork to maybe scale that support,” Gen. Wilson reports.
The second pathfinder effort focuses on the energy sector. The Defense Department again is working with DHS as well as the Energy Department.
Those partnerships indicate a significant movement toward a whole-of-government response to a full spectrum of threats. The whole-of-government concept, which emphasizes cooperation amongst departments and agencies, is not new, but recent developments render it more effective. A whole-of-government effort supports a wide range of missions, including humanitarian and disaster relief responses. A whole-of-government response against an adversary can include indictments, freezing of financial assets, cyber attacks, a traditional military response and a wide range of other actions.
Cyberspace may be a major tool to deter adversarial behavior. “As part of the cyber posture review we conducted workshops. We did some modeling of behavior and conducted some war games, not just with cyber experts but with regional experts to try to understand some of the dynamics of how deterrence would play out, how effective we could be by combining not just DOD capability, but a whole-of-government capability,” Gen. Wilson reveals. “Actually, the State Department has picked up the lead. It has been working hard across the whole of government, and we’ve leveraged some of the work we did in the cyber posture review for a more whole-of-government response, looking at how we can deter malicious behavior in cyberspace.”
Gen. Wilson reports significant improvement in interdepartmental cooperation. “In the past, the Department of Defense wasn’t one of the first organizations DHS would have turned to for support. They would have turned to a lot of other places, and DOD may have been far down on that list. Because of the threats to the nation, we began to look at the problem a bit differently,” he states.
He asserts that because the department, along with the intelligence community, looks abroad for threats, it sometimes smells trouble brewing. “We think we have a unique set of capabilities. We see the threats form, and so we have an opportunity to disrupt or mitigate or even deter those threats as they take shape,” he offers. “We want to defend really by blunting those threats at their source as required, but also to share information with domestic partners through DHS so that their defenses are better.”
Furthermore, the Defense Department has more to offer now that the cyber mission force is fully manned and capable. “If a cyber incident were to outstrip DHS or FBI resources in a very large-scale incident, DOD would be able to offer some support for incident response and reconstitution and mitigation of the event,” Gen. Wilson adds.
Department officials are determining how to measure the readiness of cyber forces. “We’re beginning to have the metrics and have the criteria of how we measure readiness, so the focus will begin to quickly shift to make sure we increase the readiness of the cyber mission force. That’s really the next phase or chapter,” Gen. Wilson notes.
He suggests that one of the early critiques of the cyber mission force was an inability to employ all of the capabilities. That, however, is changing. “We’ve been able to prioritize and put in place some mechanisms to quickly employ that capability when required. That’s paying off. That’s a benefit not just for the department but for the nation,” he says.
The cyber mission force is largely enabled by legislation that speeds hiring and security clearance processes through the Cyber Acceptance Service program. The first phase of the three-phase program involved primarily the office of the chief information officer. Phase two included Cyber Command and the Defense Information Systems Agency. Officials are on the verge of the final phase, which will expand the effort departmentwide. “That’s a significant shift. We’re receiving real good feedback with regard to our ability to more quickly hire key talent and bring them onboard. We’re successfully getting through the hiring process in a much more rapid fashion. That’s been a success by any measure,” the general declares.