The following is a guest post by Richard Stiennon, who will be my guest on the May 7th, 2010 PI Window on Business segment “Surviving Cyber War” on Blog Talk Radio at 12:30 PM EST.
Note: This is the second guest post by Richard in the Procurement Insights Blog. The first, “Look to how the Cold War was won, not how it was maintained, for a cyber strategy,” was published on April 21st, 2010.
Today’s hearing on the nominations of Keith Alexander to head CYBERCOM (and Admiral Winnefeld to head NORAD and NORTHCOM) was the first time that the operational responsibilities of CYBERCOM have been discussed in a public forum. The Chairman of the Armed Services Committee, Senator Carl Levin (D-Michigan), began by posing three scenarios to Lt. General Alexander:
Scenario 1. A traditional operation against an adversary, country “C”. What rules of engagement would prevail to counter cyber attacks emanating from that country?
Answer: Under Title 10, an “execute” order approved by the President and the Joint Chiefs would presumably grant the theater commander full leeway to defend US military networks and to counter attack.
Title 10 is the legal framework under which the US military operates.
Scenario 2. Same as before but the cyber attacks emanate from a neutral third country.
Answer: Additional authority would have to be granted.
Scenario 3. “Assume you’re in a peacetime setting now. All of a sudden we’re hit with a major attack against the computers that manage the distribution of electric power in the United States. Now, the attacks appear to be coming from computers outside the United States, but they are being routed through computers that are owned by U.S. persons located in the United States, so the routers are in here, in the United States.
Now, how would CYBERCOM respond to that situation and under what authorities?”
Answer: That would be the responsibility of the Department of Homeland Security (DHS) and the FBI.
Alexander: “that’s probably the most difficult [scenario] and the one that we’re going to spend the most time trying to work our way through.”
These were great questions, and Alexander’s answers are short and to the point. You cannot blame him for not being completely specific, because this is uncharted territory. In his opening remarks Senator Levin questioned Keith Alexander’s suitability because his background has been in military intelligence, not combat command. I for one think this is a good thing for someone leading a military CYBERCOM. Military metaphors can be dangerous when confronting Internet threats.
Keep in mind that CYBERCOM is a joint operation made of many components. Here are a few of them from Surviving Cyberwar:
The creation of a Cyber Command under the Strategic Command (STRATCOM) led by the head of the National Security Agency (NSA, the US intelligence agency), Lt. Gen. Keith Alexander, who will have both roles (USCYBERCOM and NSA). The cyber units associated with each branch of the military will be under his operational control. These include the Army, Navy, Marine Corps, and Air Force cyber commands as well as supporting other combat commanders.
The Cyber Command will support the Director of the Defense Information Systems Agency (DISA), which in turn has input into a Joint Operations Center that will be the core of operations under the command of a Deputy Cyber Commander.
CYBERCOM officially “stood up” in October 2009. It was pre-dated slightly by the US Air Force’s creation of the Air Force Cyber Command based at Lackland Air Force Base outside San Antonio, Texas, on August 18, 2009.
The newly designated 24th Air Force staff will provide combat-ready forces trained and equipped to conduct sustained cyber operations, integrated within air and space operations. The Air Force 688th Information Operations Center and the 67th Network Warfare Wing were combined under the new 24th Air Force.
On October 1, 2009, the US Navy announced the creation of an “Information Dominance Corps” within the Fleet Cyber Command that would include 44,000 personnel and that 1,000 new cyber warriors would be hired or trained. That many personnel represent all of the Navy’s intelligence, computer, and information operations staff, combined to take advantage of the new awareness of cyber space as a war fighting domain. The organization is aligned with the Cyber Command. Note that the new title reflects the US military’s stated goal of “Information Dominance.” The leader of this new corps bears the title: Director of Information Dominance.
The US Army has yet to announce an over-arching cyber command. Their significant Information Operations (IO) and Network War Fighting capabilities are being coordinated by the 1st Information Operations Command, which works with (but does not command) the Army personnel working with Joint Task Force – Global Network Operations. IOC also works with the National Security Agency (NSA), and Joint Functional Component Command-Network Warfare, Army Network Operations (NetOps) forces assigned to the Army Network Enterprise Technology Command/9th Signal Command, as well as Network Warfare (NetWar) forces assigned to the Army Intelligence and Security Command (INSCOM). With computer, network, and information resources dispersed throughout a military command, the need for centralization is having a real impact on the organization of the US military.
In September 2009, the US Marine Corps published a position paper indicating they are preparing their own response to the challenge of cyber war operations. The paper states that the US Marine Corps “needs to take full advantage of potential offensive opportunities in the cyberspace domain and to minimize the asymmetric, critical vulnerabilities created by our reliance on networked communications. The Marine Corps should develop a comprehensive understanding and approach to cyberspace operations that fully integrate all aspects of computer network operations, information assurance, and network operations under a single command or proponent.”
Outside the military, the National Cybersecurity Division (NCSD) within the US Department of Homeland Security bears responsibility for overall cyber security in the United States. It oversees US-CERT and coordinates activities between public and commercial security groups as part of its mandate. In addition, DHS operates the Office of Cybersecurity and Communications, which is concerned with protecting critical information infrastructure. One more organization, the National Cyber Security Center, is a very small office. Its first head, Rod Beckstrom, resigned after its first year amid the confusion at DHS and the White House over how to centrally coordinate the many organizations within the Federal government that deal with cyber security. It is still unclear how these DHS and White House cyber security offices will work with the DoD Cyber Command.
Richard Stiennon is the founder of IT-Harvest, an independent IT security analyst firm, and the author of the security blog ThreatChaos.com. He is a holder of Gartner’s Thought Leadership award and was named “one of the 50 most powerful people in Networking” by Network World Magazine. He lives in Birmingham, MI.
This book examines in depth the major recent cyber attacks that have taken place around the world, discusses the implications of such attacks, and offers solutions to the vulnerabilities that made these attacks possible. Through investigations of the most significant and damaging cyber attacks, the author introduces the reader to cyber war, outlines an effective defense against cyber threats, and explains how to prepare for future attacks.
Remember to use the following link to tune into both the On-Demand and Live “Surviving Cyber War” broadcast on May 7th, 2010 at 12:30 PM EST.