If there’s one thing the cyber leads in each of the military branches agree on, it’s that they still have a long way to go in beefing up America’s cyber defenses and protecting critical networks and information.
Speaking before a packed auditorium at the Association of Old Crows’ InfoWarCon, Army Gen. Keith Alexander, the head of U.S. Cyber Command, noted that while the threats of the future will be perpetuated across computer networks, “a missile is still easier to detect.”
The issue for many military leaders is how to beef up security in an arena that is largely devoid of policy requirements. With many threats coming in through network users (as a result of spear phishing and data mining campaigns) Internet providers and the U.S. government are beginning to ask if it’s appropriate to set up minimum security standards and require users to meet them before accessing the web.
“I don’t think that’s a government responsibility as much as it is an Internet problem” for those providing web services, such as AT&T, said Alexander. Looking at the World Health Organization as an example, Alexander noted that a long time ago specific health standards were set up to prevent illnesses from being carried across country boundaries. The web may, similarly, need to look more aggressively at how to beef up defenses.
While the demand for solutions to the problems of defending American intellectual property in a contested web environment is strong, other speakers emphasized that the solutions will need to be broad and easily applied across platforms.
“I’m not looking for silver bullet solutions I can only use once,” said Air Force Maj. Gen. Susan Vautrinot, commander of Air Force Cyber. “I love apps and iPads, but that’s dessert,” she said. “And it’s sweet, but I’m a meat and potatoes kind of a girl. I’m focused on capabilities.”
Vautrinot noted that her main goal was to keep the network safe, secure, and up and running for those who need to use it. In a budget-constrained environment, cyber capabilities and expenditures will focus more on the basics of security rather than the attraction of mobile tools or creative platforms.
Network security is so critical, because for many troops it’s a lifeline to valuable information and critical work processes, both at home and during deployments. Cyber is increasingly a critical element of almost every other capability, be it information operations or electronic warfare. Innovative solutions from industry and academia are also increasingly finding their way into government systems.
“Cybersecurity is furtive ground for new kinds of entrepreneurship,” said Maj. Gen. Allen, head of strategic plans and policy for U.S. Cyber Command. “DoD must continue to access commercial technology.”
Allen noted that there will likely be “multiple motivations” behind solutions moving forward, but at the end of the day both the private and public sectors have valuable intellectual property that needs to be protected.
Almost every speaker emphasized the demand for a trained cyber force to combat the threat, as well as the need for increased awareness about just how much there is to be lost.
“The threat is real, growing, sophisticated and evolving,” said Lt. Gen. Hernandez, commander of Army Cyber. “We must recognize we’re in a contested environment. We all have a responsibility to protect the force. We can’t afford not to.”