The Best Defense is a Good Offense

Cyberspace was never designed with security in mind, and no one group-or one nation-can totally control the Internet. Based on those two realities, cybersecurity requires both teamwork and collaboration, Mary Lee, director of strategy and policy development, Cyber Task Force, National Security Agency, stated. Lee served as moderator of the TechNet Land Forces East panel titled, "What Does it Take to Prevent?" Lee asked a panel of top military leaders to address the topic of proactively protecting networks against cyber attacks. Lt. Gen. Vincent Brooks, USA, commanding general of the U.S. Army Central/3rd Army, said his command is responsible for setting up communications networks for forward deployed operations. The general said he is concerned with "the communications architecture and whether it will work when we arrive and the logistical implications" of how those networks work. His biggest challenge is what he called "the weakest link: the user." He noted that cyber attackers target users as the pathway to allowing malware and other vectors into network infrastructure. In a similar vein, Rear Adm. Robert E. Day Jr., USCG, director, U.S. Coast Guard Cyber Command, called for better training programs to overcome some of the most obvious errors by users, including the use of unauthorized USB thumb drives and other careless actions. Adm. Day also said that serious thought must be given to how military forces will operate once the network is degraded, either through cyber attack or other causes. Maj. Gen. Suzanne Vautrinot, USAF, commander, Air Force Cyber with U.S. Cyber Command, said it is vital that all the services approach cybersecurity defense as a full-spectrum capability. Brig. Gen. Kevin J. Nally, USMC, director, command, control, communications and computers/chief information officer, Marine Corps, said his best protection is a well-trained work force. He pointed to four already operational cyber academies at the Twentynine Palms Marine Corps Air Ground Combat Center in California, which were all built around the commercial software and hardware supplied by various vendors as a cost-effective way to make sure troops have the training they need to safeguard networks. He said that the Marines now are developing additional cybersecurity training for middle- to high-ranking officers to keep them up to date on the latest cybersecurity issues. Maj. Gen. Bert Mizusawa, USAR, assistant to the chairman of the Joint Chiefs of Staff for Reserve Affairs, said that technical issues might be the easiest to resolve when it comes to cybersecurity. Instead, he suggested that policy and legislation are the most important considerations: does the military, in fact, have an obligation to protect .com private networks? What policy and legal implications come with that expectation? He related a discussion he had regarding the World Trade Center and whether the military had an obligation on 9/11 to protect what was essentially a private office complex. He said that given what they know now, the answer to that question is yes. Gen. Vautrinot said that any changes in policy that define the role of the military in protecting .com must stress information sharing as a primary tool in responding to cyber attacks.