Shifting the Mindset, Given the Threats
The threat is so great from the People’s Republic of China, with the latest problem of how the adversary is pre-positioning itself in the United States’ critical infrastructure to wreak havoc on the U.S. people and most essential functions of society, warned Lt. Gen. Robert Skinner, USAF, director, Defense Information Systems Agency, and commander, Joint Forces Headquarters-Department of the Defense Information Network (JFHQ-DODIN).
“You name a sector, they are trying to get in—power, water, financial, medical. It is to posture their capabilities to use at a time and place of their advantage to disrupt the United States,” he said, speaking about Volt Typhoon, the PRC-backed actor, at the AFCEA Rocky Mountain Cyberspace Symposium in Colorado Springs, Colorado, on February 21.
As such, the United States military and defense industrial base must shift its thinking and take ownership of the cyber risks and vulnerabilities humans present, the commander advised.
“I take it personal that the PRC is trying to hack into us,” Gen. Skinner. “If they do, it is my fault. And everyone single one of us should have that attitude of, ‘it is personal,’ and ‘it is our fault and what can we do about that?’”
For some perspective, there are 34 billion Internet Protocol (IP) addresses in the Department of Defense, and presently, almost 300,000 forward facing devices. “All it takes is one [vulnerability], he stressed. “Protecting the department, that is huge. And one organization can not do it alone.”
And while the nation is learning from Russia’s unprovoked invasion of Ukraine, any conflict with China will be quite different, Gen. Skinner continued. “You see what is going on in Russia and Ukraine,” he said. “I will offer that if there is a conflict with the People’s Republic of China, it is nothing like Russia/Ukraine, and it is nothing like you will have ever seen before.”
On a positive note, the U.S. government is working more closely together than ever before in regard to fighting cyber attacks.
“Last May, 11 key agencies came together to highlight an advisory about what Volt Typhoon was doing against the United States,” the commander noted. “When was the last time 11 agencies agreed on anything? All agreed about that threat and the activity that was occurring.”
How aligned are we on the defense of critical infrastructure that is not owned by DoD? What authority does JFHQ-DODIN, or the department, have in addressing the vulnerabilities?
Nine years ago, DISA stood up the JFHQ-DODIN after a directive from the Joint Chiefs. The agency is now examining the totality of JFHQ DODIN, the responsibilities and authorities. In addition, leaders are looking at critical infrastructure not owned by DoD that may present risks.
“How aligned are we on the defense of critical infrastructure that is not owned by DoD?” he considered. “What authority does JFHQ-DODIN, or the department, have in addressing the vulnerabilities? Those are the things we are looking at.”
In the next few weeks, the agency is rolling out its “DISA Next” policy. It is a strategic plan that goes out five years, with a focus on the next three years. It will examine the agency’s ecosystem and value to the DoD. “I will tell you that our focus has to be the U.S. combatant commands, agencies and support to the services,” Gen. Skinner emphasized.
“We are posturing for a new era,” the general concluded.
