Modern field guide to security and privacy

Declassified documents reveal scope of Defense Department’s cyber strategy

The Pentagon has declassified several confidential documents that reveal a lack of authority in Cyber Command that experts say may hamper the nascent cyber force.

|
Yuri Gripas/Reuters/File
Admiral Michael Rogers, head of Cyber Command and director of the National Security Agency (NSA), takes part in a conference in Washington last October.

More than two dozen declassified Pentagon documents revealed details about the role of Cyber Command, the Defense Department's still-forming unit tasked with defending the country's digital domain. 

Though initially established to consolidate the military's digital operations, Cyber Command does not serve as a full-scale Defense Department command. Positioned under the wing of US Strategic Command, tasked with minding the US military’s nuclear arsenal, Cyber Command appears to have little authority to execute its mission without oversight from other command units.

In fact, several experts who have reviewed the documents say Cyber Command's lower rank compared to other units such as Central Command, which oversees operations in the Middle East, could actually undermine the country's ability to confront growing threats in cyberspace. 

"[Cyber Command] has far too many layers of bureaucracy and management to ever truly leverage cyber capabilities effectively," said Robert M. Lee, chief executive officer Dragos Security, and a former US Air Force cyber officer. “If you go look in the org chart, there’s about 16 layers between the actual person doing the operation and any given level of improvement."

Specifically, Mr. Lee said Cyber Command relies too heavily on the National Security Agency. Its director, Adm. Michael Rogers, also leads Cyber Command. 

"Everything that Cyber Command wants to be able to do right now, a significant portion of it is enabled by the operations that the NSA does," said Lee, adding that Cyber Command depends upon the NSA for most of its intelligence collection. "The direct tie creates a culture where Cyber Command can ultimately underperform."

Since its formation in 2010, Cyber Command has faced numerous setbacks. It fell far short of its goal to recruit 6,000 people by 2016, adding just 1,000 information security experts from a base of 2,000 by last spring. In the Defense Department's budget for fiscal year 2016, Cyber Command's budget fell by 7 percent, from $509 million to $463 million. That budget is dwarfed by even the smallest US military service – the Marines – given just over $25 billion to conduct their operations last year. 

Despite that, Cyber Command leaders still aim to create a 133-team cybermission force by 2018, which would include groups that assist on the offensive and defensive sides of cybersecurity, providing support to the Defense Department’s combatant commands, and defending the Pentagon’s internal networks and the public against significant cyber attacks. 

The planned expansion of Cyber Command, first established around the time of the Stuxnet attack on Iran's Natanz nuclear facility, comes with the US facing the growing threat of cyberattacks and digital espionage. But despite the threat ramping up, Cyber Command chief Admiral Rogers has not suggested that the military elevate the nascent force.

"You have some advocating, 'Is cyber so different, so specialized, so unique, so not well understood that it requires a very centralized, focused, unique construct to how we generate capacity and knowledge?' " Rogers said at an event at the Atlantic Council, a Washington think tank, on Thursday, according to reports in Defense Systems. "There are some who make that argument. I am not one of those."

Rogers said Cyber Command would focus on protecting systems and platforms this year as it moves toward larger personnel increases in 2018, drawing upon the US military's current capabilities and leadership in the Army, Navy, Air Force, and Marines. But some experts say that Cyber Command will continue to face conflicts of interest with Rogers also leading the NSA. 

"The fact that NSA and Cyber Command are led by the same person creates a natural conflict between the agencies' respective intelligence and military missions," said Dave Weinstein, a cybersecurity fellow with New America, a Washington think tank. "Nine times out of 10, NSA’s institutional clout is going to give them a decisive advantage at Fort Meade and downtown."

Despite that, he said the release of the 27 documents, some of which were acquired through Freedom of Information Act requests made by the George Washington University’s National Security Archive, could help Congress address some of the challenges the organization faces, including recruiting and a lack of authority.

“Cybercom’s lack of authority to conduct its mission is partly attributed to a general lack of understanding about its mission," said Mr. Weinstein. "Lifting the veil a bit could go a long way toward normalizing the way we think about military cyberspace operations — both domestically and internationally."

 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Declassified documents reveal scope of Defense Department’s cyber strategy
Read this article in
https://www.csmonitor.com/World/Passcode/2016/0122/Declassified-documents-reveal-scope-of-Defense-Department-s-cyber-strategy
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe