Cybersecurity Is Operational Readiness
Each service member is either the strongest link or the weakest.
Cyberspace is an operational domain, and cybersecurity is essential to the operational readiness of military units to achieve the mission, defeat the adversary and win wars. Our increasing reliance on cyberspace for command and control and operations in all domains, the explosion of networked digital technologies within combat and support systems, and the growing capabilities of adversaries to threaten the United States and its allies in cyberspace mean greater risks to our mission and to national security.
Operational readiness requires leadership, discipline, planning, action and continuous assessment at the individual, squad, unit and force levels. That’s how we measure combat power and the capability of the joint force to deter and defeat the adversary. We don’t outsource it. It is inherent in the function of command and the responsibility of each commander to ensure unit readiness. This begins at the individual level with each soldier, sailor, airman, Marine and Coast Guardsman. We are now engaged in a campaign to rebuild readiness across the joint force, and cybersecurity is critical to that effort.
Cybersecurity is not just awareness or compliance. Compliance regimes, such as the Department of Defense (DOD) Risk Management Framework and Cybersecurity Discipline Implementation Plan, are essential enablers but insufficient to achieve operational readiness. They’re perceived as the realm of the specialists and the support community. We tried to address this with hybrid concepts like “cyber readiness,” but the hyphenated approach hasn’t yet changed the culture.
We must move to disciplined action, starting with the commander and the individual service member. The DOD, through U.S. Cyber Command and its cyber component commands, including Coast Guard Cyber Command and the Cyber Mission Force, operate and defend the DOD Information Network (DODIN) as part of cyberspace operations. This involves an elaborate and complex system of defenses and maneuver within cyberspace to defeat threats. In every operation, however, the last tactical mile of defense and maneuver—the most critical element in defending the DODIN—depends on the actions of the individual warrior across the joint force. Each service member is either the strongest link or the weakest, and poor judgment or lack of discipline by an individual when under threat will allow the enemy access and an attack vector into the DODIN, putting our people and missions at risk. The adversaries know this, and they seek advantage by targeting that link. The last tactical mile must be the strongest.
We will all soon dutifully complete the required online annual mandatory cybersecurity awareness challenge training. That’s compliance. But building cybersecurity into operational readiness requires a return to a proven approach that includes: a clear commander’s intent and priorities; small unit leadership and squad/division training led by the noncommissioned officer corps; and individual discipline and exercises to build proficiency at the squad, unit and force levels. When commanders own cybersecurity as part of unit operational readiness, when our service members own the responsibility for guarding their field of fire on the DODIN—then we will make progress on turning awareness into action to achieve operational readiness.
Rear Adm. Kevin A. Lunday, USCG, commands Coast Guard Cyber Command and also serves as the assistant commandant for command, control, communications, computers and information technology.