Enable breadcrumbs token at /includes/pageheader.html.twig

Army Strengthening Cybersecurity and Survivability

Boosting joint cybersecurity starts locally.
Lt. Gen. John Morrison, USA, U.S. Amy deputy chief of staff, G-6 addresses the audience at TechNet Cyber in Baltimore. Photo by Michael Carpenter

Lt. Gen. John Morrison, USA, U.S. Amy deputy chief of staff, G-6 addresses the audience at TechNet Cyber in Baltimore. Photo by Michael Carpenter

The U.S. Army seeks to enhance the effectiveness of local cybersecurity defenders—and ultimately the joint force cyber warriors—by revamping organizational design, fielding the best technologies and improving training, Lt. Gen. John Morrison, USA, U.S. Amy deputy chief of staff, G-6, told the audience at the TechNet Cyber conference in Baltimore.

“Here’s my thesis: we have a lot of folks that are doing cybersecurity work, but we are not optimized across the entire joint force to conduct cybersecurity operations,” Gen. Morrison declared.

He added that what is needed are “appropriate personnel investments in a Department of Defense Information Network (DODIN) operations framework. That will enhance “not only the Army to conduct operations in a contested and congested environment that we’re going to face in the future but also the joint force.”

Failure to establish the DODIN operations framework could potentially jeopardize the Army’s Unified Network vision. “I would submit to you that without putting this DODIN ops framework into place, the reality of the Unified Network will be challenging because we will be fragmented from an operational perspective,” he said.

Additionally, officials need to establish roles and responsibilities “from the brigade level all the way up to the global enterprise level,” which “supports our strategic and operational capabilities,” he said.

“We need to up the game of the folks that are conducting cybersecurity operations—and it is cybersecurity operations. We need to up their game from three perspectives: one, we’ve got to get the organizational design right. Two, we have to get the right capabilities into their hands. And three, we need to get the requisite training in place,” he said. “If we do those three things, we can now up the game and now you’ve got continuous cybersecurity operations being conducted. Right now, in all candor, we’re a little fragmented in that.”

Gen. Morrison suggested beginning with cybersecurity service providers (CSSPs), who defend local networks. By better preparing the CSSPs, the Army’s Cyber Protection Teams could be freed from having to defend those local networks.

“What we want to do is make sure we’ve got a layered defensive posture that allows the terrain owners … with the requisite training, with the requisite capabilities, to actually defend the broader terrain and get Cyber Protection Teams back to doing what they should be doing—being very threat-focused and hunting on our networks to make sure that if an adversary happens to have gotten in, we now have somebody that is focused on that specific threat.”