Cybersecurity Issues Reach Across Vast Pacific Region

January 2010
By Robert K. Ackerman
E-mail About the Author

 

The new U.S. Pacific Command J-6, Brig. Gen. Brett T. Williams, USAF, calls for a new relationship between communicators and operators at the opening breakfast of TechNet Asia-Pacific 2009.

Achieving the technology solution may be harder in cyberspace.

The problems presented by information technology acquisition pale in comparison to those of cybersecurity acquisition. Challenges range from rapidly changing requirements to outmoded criteria for the security work force. And, these challenges coalesce against the backdrop of an ever-increasing cyberspace menace that is growing in both size and sophistication worldwide.

Those points were among many discussed by panelists and speakers at TechNet 2009, held in Honolulu, Hawaii, November 2-5. The theme was “Cyber Operations: A Multinational Challenge.” While cyber operations and cybersecurity were the central points of four days of discussions, other related issues were viewed against the context of the vast Asia-Pacific region.

Federal spending on cybersecurity is expected to grow dynamically over the next five years, according to Kathleen Miller, director for procurement, Defense Information Systems Agency (DISA), and chief, Defense Information Technology Contracting Organization. She stated that this spending will increase from $7.9 billion in fiscal year 2009 to $11.7 billion in fiscal year 2014. This constitutes a compound annual rate of 8.1 percent, which she pointed out is more than twice that of federal information technology spending.

However, money alone will not solve the myriad problems in cyber acquisition. Rear Adm. Gib Godwin, USN (Ret.), vice president, Northrop Grumman Information Systems, bluntly laid out some of the challenges by describing the cyberspace environment in no uncertain terms. “This is war, and we’re up against the largest standing army there ever has been,” he declared.

The retired admiral noted that every dollar the United States spends on cybersecurity is a dollar the nation is not spending on defense or some other application. And, because cybersecurity is based on the threat, defensively the United States always will be a step behind. “Lock up the valuables the way Walmart does—lock up the iPods and leave the dog food out there to be stolen,” he analogized.

Much of the challenge is defined by the constantly changing nature of the threat. That cyberthreat army gets smarter every day, Adm. Godwin said, noting that botnets are growing in effect and sophistication. About 170,000 zombie computers in 74 countries took part in the July 4, 2009, cyberattacks. And, 2,800 new codes are created every day.

To provide effective cybersecurity, security must be bigger, faster and smarter. “Unfortunately, the acquisition process is none of these,” he said, noting that it is limited, slow and inflexible.

 

John Grimes (r), former assistant secretary of defense for networks and information integration, discusses operationalizing cyber with fellow panelists (l-r) Col. Dean Clemons, USAF, Pacific Air Forces A-6; Brig. Gen. Alan Lynn, USA, commander, 311th Signal Command; Linda Newton, deputy chief of staff, C4I, U.S. Pacific Fleet; Brigadier Michael James Milford, AM, director general, ICT Policy and Plans, Chief Information Officer Group, Australian Department of Defence; and panel moderator Brig. Gen. Brett T. Williams, USAF, U.S. Pacific Command J-6.

Leanne Hurley, senior associate, Booz Allen Hamilton, warned that contract vehicles tend to be focused narrowly. Hurley pointed out that cyber requires contracts that cover broader multiple disciplines. The same holds true for expertise. For example, technical people must understand command and control (C2) relationships because everything is interconnected.

And, the cybersecurity work force has considerable problems of its own. Its definitions are outdated and need to be revamped, according to Hurley. She pointed out that one security job description dates back to 1980, and people are being hired by its criteria. Government needs to do a better job of characterizing cybersecurity jobs both to staff the work force and to know who and what are in that work force.

Acquiring security and information technologies and capabilities is a tall order that faces many hurdles. Lt. Gen. Robert Shea, USMC (Ret.), executive vice president, Smartronix, and former director, J-6, the Joint Staff, said that, too often, respective services build different systems for similar capabilities at the operations level. Budgetary pressures may force military planners to do some of the tasks that the services and agencies have not been doing themselves.

Gen. Shea offered that part of the acquisition problem is the politicization of the process. People who are not part of the process come in and leave their mark, and then they depart the program, he charged.

The United States is not the only Pacific Rim nation facing these cyber challenges. Brig. Michael James Milford, AM, director general of information, policy and plans, Chief Information Officers Group, told the audience about Australia’s efforts to operationalize cyber.

Slow procurement will be our Achilles’ heel, he warned, as faster and more agile adversaries will acquire better capabilities much faster than the military will. And, under the thumb of slow procurement, organizations will work to bypass procurement rules, which in turn will result in a loss of procurement control and lead to system holes that will create vulnerabilities in the network.

Brig. Milford called for normalizing and demystifying cyber to make it a part of other military activities. He noted that Australia has made several key decisions over the past few months. First, the government is creating a single portfolio for communications and information technology in defense. If a service chief or commander wants to obtain equipment, the request must go through a single budget and follow standards.

A panel focusing on cybersecurity discussed just what was needed to attain effective security—and left many issues unresolved. Zalmai Azmi, a senior vice president at CACI International, stated that most efforts have been spent on solving tomorrow’s problems, not on fixing today’s problems.

Mike Guzelian, vice president for secure voice and data products, General Dynamics C4 Systems, called for the right balance of mission and security. Security requirements should be put together the same time as systems requirements. “You can’t bolt on security after the fact,” he stated.

 

Lt. Gen. Keith J. Stalder, USMC, commander of the U.S. Marine Corps Forces, Pacific, describes the Marines’ Pacific region mission.

And, innovation should be the security strategy for managing risk, offered Don Proctor, senior vice president, Software Group, Cisco. The threat is dynamic, not static, and taking an innovation-based course is necessary to deal with the technology transitions he described as tectonic shifts.

Government’s role in cybersecurity remains a topic of debate both within and outside of government. Panel moderator Robert J. Giesler, vice president and corporate executive agent for cyber programs, SAIC, called for government to “think flat” and create a cybersecurity architecture that emphasizes a peering structure rather than a vertical architecture, which would stifle improvements by adding new layers of decision making and latency.

The commercial perspective on network security was offered by Tuesday plenary session speaker Diana Gowen, senior vice president and general manager of Qwest Government Services Division. She called upon the Defense Department to share information so that industry, the department and coalition partners can plan together for better network defense. All types of communications and networking systems have some element of vulnerability. Because everyone is connected, everyone is affected by these vulnerabilities.

The challenges of cybersecurity manifest themselves in cyberwarfare, and a panel on the topic assessed U.S. performance in that area. The report card was not good. U.S. efforts either lagged or were misguided, and this is one area that is increasing in importance dramatically.

“There is no warfare area more important than cyber,” said panel moderator Vice Adm. Richard W. Hunt, USN, commander of the U.S. Third Fleet. The resultant increased capabilities of cyberspace come with increased vulnerability, and successful operations in other areas depend on the country’s ability to control cyber and to prevent an enemy from damaging it, he stated.

Jim Newman of the Navy Information Operations Command serving with the National Security Agency/Central Security Service (NSA/CSS) Hawaii said that all cyber actions have a presence and a reality in the physical world. Accordingly, the United States needs to structure the cyber part in the same way it structures the joint command world.

Pacific Command Faces Renewed Technology Taskings

The vastness of the Asia-Pacific region magnifies many of the challenges faced by other government organizations and military commands. However, the U.S. Pacific Command (PACOM) must deal with challenges unique to a theater of operations that spans half the globe and encompasses more than half of its people. Technology may lie at the heart of many potential solutions, according to several panelists and speakers.

The new PACOM director of command, control, communications and computer systems/J-6, Brig. Gen. Brett T. Williams, USAF, called for a new relationship between communicators and operators. As the first non-communicator to serve as PACOM J-6, Gen. Williams cited the need for better understanding between the two groups. “We must have a translation piece between the communications community and the operations community,” he said. “I must facilitate that link between [the two]; a lot of that involves translation. “

The operators and planners are not going to learn our language; we have to express ourselves in a way they can understand,” he declared.

Solving this problem is a two-way street, he pointed out. The general cited the need for military forces to have a -6 who is aware of operations, or an operator that is aware of the communications system.

Operationalizing cyber is another key task facing the PACOM J-6, Gen. Williams said. Many international partners need user education on the problem, and there is room to work with them on that, he stated.

Brig. Gen. Alan R. Lynn, USA, commander, 311th Signal Command, described the challenges faced and advances achieved by the command over the vast Pacific region. He outlined the items high on the command’s wish list: less expensive, lighter, energy-efficient and less-manpower-intensive integrated systems; a smart network that automatically mitigates and/or corrects workstations’ information assurance issues or problems; a cross-domain solution for multilevel security; and plug-and-play software that enables disparate networks to communicate without information assurance problems.

Lt. Gen. Keith J. Stalder, USMC, commander of the U.S. Marine Corps Forces, Pacific, explained which technologies were necessary for the Marines’ Pacific region mission.

High on his list are language translators. Gen. Stalder specifically cited how useful the Marines would find a translation tool for PowerPoint slides. Other technologies he noted include mine countermeasures technology as well as shallow-water intelligence, surveillance and reconnaissance.

But atop his technology requirements are improvised explosive device (IED) defeat technologies. Gen. Stalder allowed that he loses more Marines to IEDs in Afghanistan than he does in Iraq, and these deadly devices are spreading around the world to countries such as Thailand.

Gen. Stalder warned against what he described as a worrisome trend—the movement in the Defense Department to collapse all voice, data, video and mobile communications into a single Internet protocol (IP) network. The uncertainty of combat threatens this approach, he said, warning against “putting all our eggs in one basket.”

The general admitted that cyberwarfare normally is not associated with the Marines. Nonetheless, the Marines are moving into training and making investments in cyberwarfare capabilities and facilities. A Marine cyber headquarters already has been established, and one company of Marines will serve there. Lt. Gen. George Flynn, USMC, will serve as a component commander to Lt. Gen. Keith B. Alexander, USA, director of the NSA/CSS, who has been nominated for promotion to general and assignment as head of the U.S. Cyber Command.

Master Sgt. Glenn A. Brown, USMC, operations chief, Special Purpose Marine Air Ground Task Force (MAGTF)-Afghanistan, warned in a panel discussion that the Marines are not training as they fight when it comes to information systems. As a result, personnel have to learn how to use vital command, control and communications (C3) gear in the field, which hinders their effectiveness in a combat zone. The master sergeant called for pre-deployment training on the same hardware and software that will be used in the field.

The Navy has its own set of priorities, and explaining them was Rear Adm. Scott Van Buskirk, USN, deputy commander and chief of staff, U.S. Pacific Fleet. The top information system priority was a capability—command and control of command and control (C2C2). The admiral said that the operationalization of C2C2 is a major element of work underway in his command. He described four elements: theater sensing/intelligence; network architecture, including cyber; commander’s decision aids that compile transmitted data into useful information; and network protection.

The lack of C2C2 automation tools is a challenge, and the admiral urged industry to remedy that shortcoming. “Command and control of command and control is an extremely fertile ground that bears harvesting,” Adm. Van Buskirk stated.

Linda Newton, deputy chief of staff for command, control, communications, computers and intelligence (C4I), U.S. Pacific Fleet, described the challenges of C2C2: intelligence architecture; network/cyber architecture—seabed to space, sensor to user; decision aides architecture—common operating pictures and other tools; and protection of individual architecture and the “whole” of the enterprise.

She added that the Navy is attempting to develop a C2C2 concept of operations and processes; incorporate it into maritime operations center; develop common C2 architecture management for all C2 architecture; continue technology development; and conduct experimentation.

Gen. Williams weighed in on the C2C2 discussion. He told the audience at a panel focusing on operationalizing cyber that, unless cyber is operationalized, C2C2 of a system cannot be realized.

And effective C2C2 may be necessary to combat the rising cyberthreat to information systems. John Grimes, former assistant secretary of defense for networks and information integration, noted that exfiltrations happen every day. About three years ago, hackers stole some of the country’s most sensitive technology weapons systems through industry partners.

Since then, measures taken have helped avoid those types of losses in that manner, and new data centers provide redundancy if one is taken out by an adversary.

The Pacific theater of operations is providing new challenges to the U.S. Coast Guard, said the commander of the 14th Coast Guard District. Rear Adm. Manson K. Brown, USCG, told a luncheon audience that the Coast Guard increasingly is dealing with national security aspects as it carries out traditional missions deep into the Pacific.

Protecting precious fisheries is a national security issue, particularly as small island nations depend on fishing for food and commerce, the admiral noted. If commercial concerns brazenly break rules and overfish, the well-being of these nations is threatened. Food security is a top issue with each of these countries.

Because it can be difficult to get multiple nations to agree on something, the Coast Guard is entering into bilateral agreements to pursue joint interests in the vast region. Adm. Brown cited as an example how U.S. Coast Guard surveillance and reconnaissance information passed to its counterpart in Kiribati helped that small island nation stop illegal fishing in its waters. Apprehending the illegal fishers also generated $4.7 million in revenue from fines for Kiribati.

 

China Rising to New Importance in Asia-Pacific Region

Whatever transpires in the Asia-Pacific region over the coming decades likely will involve China, stated several TechNet Asia-Pacific 2009 panelists and speakers. However, divergent opinions emerged on what that country’s rise will mean to the region and the United States.

Asia-Pacific expert Dr. Denny Roy, senior fellow and supervisor of the POSCO Fellowship Program, East-West Center, warned that China and the United States are constantly redefining their relationship in a dynamic that could lead to conflict if both sides are not careful. He cited the concept of hegemonic transition in which one superpower is overtaken and replaced by another, and he pointed out that the evolution of the U.S.-China relationship matches past patterns that have led to confrontation.

This transition can be dangerous, Roy said, because the older hegemonic power has the incentive to start a war so that it does not lose its power. Conversely, the rising power has the incentive to start a war so that it can realize the fruits of its efforts sooner.

He noted that China does agree with the United States on many global issues, such as free trade. Those areas of agreement can serve as the basis for constructive engagement between the two powers. However, China disagrees on the spread of democracy throughout Asia as well as U.S. security alliances.

Capt. George Galdorisi, USN (Ret.), related how he participated in negotiations with the People’s Liberation Army Navy (PLAN) on sea rights several years ago. The Chinese delivered a set of preconditions, and told the U.S. representatives that the United States had to meet every one or there would be no agreement. Many of these ran contrary to long-standing U.S. positions as well as basic maritime laws. The United States responded by saying, “Instead, let’s discuss the issues we both see as important that don’t involve your territorial waters.” The PLAN agreed, and both sides sat down to productive discussions.

That is a basic approach Chinese negotiators take, Capt. Galdorisi said. They offered up the points that they needed to and then addressed the areas that involved common ground.

Former U.S. Pacific Command head Adm. Thomas B. Fargo, USN (Ret.), warned of related challenges facing the United States. Adm. Fargo offered that the security situation in the Asia-Pacific region is improving and does not offer any immediate threats. However, the potential for conflict or upheaval is present. North Korea’s leader Kim Jung Il will not give up nuclear weaponry because he believes it is the key to remaining in power.

Smaller Asian nations are worried about U.S. economic power fading. Adm. Fargo offered that they are concerned about the U.S. debt. They fear that the belt-tightening forced by debt service will reduce U.S. ability to deal with them on a continuing basis. Those nations worry that the United States may not be able to maintain its interests in Asia, he related.

China’s economic rise may imperil the U.S. economy by nature of its success, suggested Dr. Roy. China, with its fast-growing economy, soon will diversify its investments and its markets so it will not have to rely on the U.S. market as much as it does now. That will give it economic and political flexibility. Currently, China would be harmed if it were to sever the economic relationship between the two superpowers. That becomes less of a problem with global diversification.

And, one day, major world economies no longer will use the dollar as the basis for international transactions. When the U.S. dollar no longer is the global currency of choice, the United States will have to enter a period of severe frugality. 

Photography by Bob Goodwin

Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.