Cybersecurity Must Take Front and Center National Attention, Experts Say

Cybersecurity can no longer be viewed as a technology-only problem and segmented into stovepipes where the U.S. Defense Department carries out one set of tasks; the civilian government another; and industry does its own thing, said Adm. Michael Rogers, USN, director of the National Security Agency (NSA) and commander of U.S. Cyber Command.

“It must be viewed more broadly and must be tackled from a national security perspective,” Adm. Rogers said during a morning West 2017 conference presentation Thursday with Adm. James Stavridis, USN (Ret.), former NATO commander and dean of Tufts University’s Fletcher School of Law and Diplomacy.

It has to be a more inclusive team sport, and going forward, the military will rely on industry solutions to defend national assets in cyberspace. In the near-term, the Defense Department needs solutions in three disruptive and key areas: machine learning, automation and work force, Adm. Rogers said. “We have got to get to machine learning at speed,” he offered during the final day of the naval West 2017 conference that concluded Thursday in San Diego. “We have got to get to automation and you’ve got to help me free up human capital."

What does Adm. Rogers need from industry? Machine learning at speed & automation technologies #WEST2017

— Sandra Jontz (@jontz_signalmag) February 23, 2017

The event is co-sponsored by AFCEA International and the U.S. Naval Institute.

Cybersecurity remains at the center of the national political stage and is set to be among the flurry of “energetic” executive orders coming out of the White House, Adm. Stavridis offered. Adm. Rogers, tapped to offer insight for the administration’s draft, suggested leaders “take a step back and look at [cybersecurity] with a new set of eyes from the ground up.” He added, “Don’t get trapped by the bureaucracy.” 

The two formidable men touched on a number of salient topics during their discussion, including the military’s critical shift in its approach to conducting combat operations with the dawning of this new cyber domain. The services are moving from the physical domain to fighting “some, a lot, maybe all at times, of our operations in this virtual domain. What does that shift mean and how’s it going?” Adm. Stavridis asked of Adm. Rogers.

“Cyber is an operational domain in which we do a variety of missions and functions, many of which are very traditional,” Adm. Rogers said. “We do reconnaissance, we do fires, we do maneuvers. The same things I was used to as a surface [warfare] officer … I’m constantly going back to that.” 

If Adm. Rogers had that proverbial blank sheet of paper to sketch out the way in which the Defense Department ought to be structured, in the immediate near-term, he would elevate Cyber Command to a combatant command status, he said. But over the next five to 10 years, he would like to see an integration of cyber, both offensively and defensively, down to the operational tactical level. Shaping an elevated Cyber Command has a tried-and-true blueprint, Adm. Rogers added. He’d like to create the command in the image of the successfully integrated Special Operations Command. “How do we treat any high-demand, low-density resource in the department?” Adm. Rogers asked. “We traditionally tend to centralize it, then prioritize its applications by risk and operational priority. I would argue that we need to do the same exact thing in cyber.” 

#cybercommand should be created in the image of Special Operations Command, Adm. Rogers #WEST2017

— Sandra Jontz (@jontz_signalmag) February 23, 2017

A follow-on critical step is building the work force, in a stiff competition with industry, which wants the same people, Adm. Stavridis offered.

Pushing #cyber to tactical levels 'sounds like the journey of special forces' @stavridisj #WEST2017

— Sandra Jontz (@jontz_signalmag) February 23, 2017

Cyber Command is made of 80 percent military, 20 percent civilian; on the NSA side, almost the the opposite is true, with 60 percent of the jobs held by civilians, Adm. Rogers said. Attracting civilians is more difficult than active duty, the latter of which are drawn by the same attributes that motivate young people to become riflemen or deck seamen. “The self image of this work force is that they are the digital warriors of the 21st century.”

The two also discussed the solutions needed to avoid what Adm. Stavridis called a “Snowden event” to safeguard against insider threats. The answers can be found in industry, Adm. Rogers offered, which already is working to protect themselves from the same threat. “I’ve come to the conclusion that there are several aspects to this,” Adm. Rogers continued. “There is a human dimension to this. How do we gain insight on individual and ensure that we’ve got the right person in the right position? At the same time, there is a technical piece. The other dimension crosses between the two of them.”

Countering #InsiderThreats meshing of understanding humans, technology and where the 2 meet, Adm. Rogers- #WEST2017

— Sandra Jontz (@jontz_signalmag) February 23, 2017

A talk about national security could not take place without mention of threats posed by nations such as Russia, China, North Korea and Iran. Though the two men did not shed much new information in that arena, the discussion did spur Adm. Rogers to share that the U.S. government must rethink how it defines critical infrastructure in this digital age. 

“I don’t think we thought to ourselves: What about information, data and fundamental processes?” Adm. Rogers said. “Data increasingly now has a value all its own.”