Cyberspace-Enabled Coalitions May Save Cyberspace
TechNet Asia-Pacific 2013 Online Show Daily: Day 2
Quote of the Day:
“You may have to make the job fun. What motivated me to get where I am today is not necessarily what will motivate the leaders of tomorrow.”—Cindy Moran, director, network services, Defense Information Systems Agency
Cyber has provided the means for rapidly assembling and operating military coalitions in the post-Cold-War era. Now, the very nature of the domain may require coalitions to save it from a growing menu of threats. These threats can range from annoying hackers to organized crime to malicious nation-states and even geopolitical movements to restrict the flow of ideas. While the panoply of perils is diverse, the actions to defend against them may have to spring from the well of government and organizational cooperation.
Saving cyberspace was a major discussion point during day two of TechNet Asia-Pacific 2013, being held in Honolulu, Hawaii, December 3-5. Speakers and panelists from several countries addressed many issues relating to cyber and its continued effectiveness.
Scott Dewar, the Australian consulate general in Honolulu, called for domestic and international coalitions to generate approaches for cybersecurity. Saying that effective cybersecurity ultimately will depend on the ability of nations with shared interests forming coalitions that influence the development of international rules and regulations, Dewar called for “a global approach to cybersecurity and common rules of operation.”
He also warned of letting others define the Internet. Australia believes the openness of the Internet is “a libertarian force for good,” he said, adding “we need to be building like-minded coalitions” to obtain results that work in cybersecurity.
“We have to be about ensuring access to the Internet, not restricting access. We should build coalitions that support that,” he said. “We need to make sure we’re building coalitions to push out positions to counter Internet control.”
The same approach needs to be applied domestically, he said. Government, industry and the military must work together to protect cyberspace, which after all is a national asset.
But achieving international cyber cooperation is proving difficult for a number of reasons. Mihoko Matsubara, a cybersecurity analyst with Hitachi Systems, Tokyo, said cultural differences are one the biggest challenges faced by security experts—whether they are in government, academia or the private sector.
She related that Japanese experts think that Americans are too quick to make decisions and would rather hear possibilities more than pure facts. American experts believe that their Japanese counterparts take too much time to make decisions and are too rigid and orthodox. Neither side may realize the cultural motivation behind the other’s positions.
“We try to accept different views from each other,” she related. “We should accept the differences and face difficulties together.”
Some international barriers are legal rather than cultural. Jim Jaeger, chief cyber services strategist, General Dynamics Fidelis Cybersecurity Solutions, described how national laws in many advanced democracies actually are counterproductive today in the fight against cyber criminals. These laws not only provide cybermarauders with hiding places, they also prevent global law enforcement from pursuing them as they prey on unknowing victims around the world.
Jaeger related that many countries—such as Singapore, Germany and other European Union nations—have very tight privacy laws. Many of these laws are tying the hands of security and law enforcement. “We couldn’t pull [suspect] files out of one country,” he related. “They had to be left in the country. So, we had to fly people into this country to look at files we knew were exfiltrated from another country.”
One solution is to build teams of forensics firms in different countries that will be ready to respond immediately to a security breach. “You can't wait until a breach occurs,” he pointed out.
Two modern democracies have undertaken national cyber policies that combine the efforts of government, industry, the military and the public. Cameron Ashe, an Australian official who is the deputy J-2 at the U.S. Pacific Command (PACOM), described how Australia is “taking a whole-of-government approach to a whole-of-nation problem.”
Ashe pointed out that risks and effects are shared equally by government and industry. Accordingly, they must share best practices in a collaborative environment. This includes sharing the development and implementation of cyber security training and education.
The country recently elevated cybersecurity as a major priority for national security, and in 2009 it established a Cyber Security Operations Center (CSOC). Earlier this year, the government announced the creation of the Australian Cyber Security Center, which will address government and industry operations as well as criminal activity. Rear Adm. Willie Metz, USN, PACOM J-2, commented after Ashe’s presentation that the Australian approach could serve as a model for all nations, including the United States.
South Korea also has developed a national policy and program that brings government and the private sector together in a coordinated effort. This thrust, which emerged from two serious cyber attacks earlier this year, aims to have several key measures in place by 2017, according to Walter Paik, Republic of Korea consul general in Honolulu.
The Korean government defines this effort as prompt, cooperative, robust and creative—PCRC. It is a comprehensive plan in which government cooperates with the private sector. In the event of another major cyber attack, a public/private/military response team will kick in and respond.
By 2017, Korea hopes to have a robust infrastructure in place. The number of companies that provide vital cyber information to the program will be expanded greatly. And, the government aims to have 5,000 cyber experts trained by that year.
.jpg)
Maj. Gen. Mike J. Milford, Australia Military, chief technology officer, Chief Information Officer Group of the Australian Department of Defence, describes how a risk acceptance approach works for cybersecurity in coalition networks.
Risk management is emerging as the prevailing approach to securing cyber networks. For coalition operations, countries must undergo a cultural sea change for cybersecurity. Maj. Gen. Mike J. Milford, Australia Military, chief technology officer, Chief Information Officer Group of the Australian Department of Defence, pointed out that interconnected and coalition networks multiply the cyber threat significantly. The risk acceptance approach has resulted in increased dependencies and obligations between nations, and this will continue.
“Technical connectivity is easy,” the general stated. ”Harder issues are information management and real-time monitoring and reporting. We don’t do those well.”
Ensuring that cyberspace workers are capable of dealing with progress as well as defense brings the human issue into focus. Senior Master Sgt. Torry Hickson, USAF, Defense Information Systems Agency (DISA) Pacific, stated that an organization dealing with cyber needs a mix of young and old people. This will combine leadership built of wisdom with an innovative spirit with technology knowledge.
Senior Master Sgt. Hickson called for creating “a culture of leadership; a culture of mentorship.” Leaders should talk to their people frequently to create a presence in their workday. It helps them feel a part of the organization, he offered.
Some issues are generational in nature. Cindy E. Moran, director, network services, DISA, offered that young people today are not necessarily enticed by opportunity alone. “You may have to make it [the job] fun,” she suggested. “What motivated me to get where I am today is not necessarily what will motivate the leaders of tomorrow.”
Coming up on the final day of TechNet Asia-Pacific 2013:
Addresses by two top U.S. Navy leaders—Terry Halvorsen, Department of the Navy chief information officer, and Adm. Harry B. Harris Jr., USN, commander, U.S. Pacific Fleet—along with a panel discussion on the Joint Information Environment.
