The Wall Street Journal just ran an article titled: “New Military Command to Focus on Cybersecurity.” In it they indicate “current and former officials familiar with the plans” say a new military command will be established to coordinate the defense of Pentagon computer networks and improve US offensive capabilities in cyberwar.
WSJ also reports that Defense Secretary Gates plans to announce the creation of a new military cyber command after the rollout of the White House review.
My opinion: This WSJ article seems more balanced and accurate than the article I discussed in my post “NYT wants cyber security to be a divisive issue.”
The WSJ article is in consonance with what is going on and what should be going on. I believe NSA should be formally given the lead for defending DoD/IC systems, but defense remains a team sport, and DHS should be given the lead for defending the rest of .gov networks (while still leaning on NSA/DoD/DNI as required). And all players need to work well with industry and allies in a coordinated, fast moving way.
What does this mean for enterprise technologists? For the most part it is good news. But for day to day security operations in most enterprises, the relationships you have with other organizations will remain the same as before– for now. And the current body of best practices remains in place. You still need to understand and implement and follow the Common Audit Guidelines, for example. Doing that is going to help you and will help others too.
Related posts:
Bob,
I don’t disagree that NSA should be the lead for Dod/IC, but am curious why. Cybersecurity extends all the way to the weapon systems — an area where NSA does not have a lot of experience. And NSA has not been a traditional partner for the military (you don’t see them very often outside of the intel community). I would be concerned that they don’t fully understand the realities of the battlefield environment and might not provide the flexibility necessary.
But I would love to hear your thoughts. By the way, the new BLOG looks good.
Joel
Thanks Joel. That is an interesting observation. I have to agree totally, of course, that cybersecurity extends all the way to the weapons systems. When there are places like that were NSA is lacking of course they have to partner and grow skills. I think they should play an important coordination role, but I also think local commanders have to be held accountable for their cyber posture as well.
Thanks for the blog comments.
Cheers,
Bob
I agree that commanders should be held responsible for their cyber posture, however, current policy ties their hands and fails to provide them the resources necessary to do so. So it becomes a dilemma- do you let each CCDR do what is necessary to defend their assets, or do you manage it centrally, with decentralized execution. Or is there another alternative?
I can’t wait for the details from Secretary Gates. I think the best current option is to establish a Joint Cyber Command which operates organizationally and functionally like Special Operations Command. That is, they are independently resourced and become embedded “service providers” to the military departments and combatant commanders.
The challenge comes where you try to draw the line between traditional cyber assets and weapon systems. Advances in targeting now make it possible to select a target on a PC, then transmit the GPS coordinates directly to the weapon hanging from an orbiting aircraft. Where do you draw the line?
I think the key to “Joint Cyber Command” is money. If they channel funding through the new command, then I think there is a good chance they will be able to significantly approve GIG security.
Joel
Bob – looks like you were right: LTG Keith Alexander (DRNSA) was just named to head the new Cyber Command.
Thanks Joel, looks like some interesting things are about to happen. But so far the only thing I’ve read are drafts and then articles from reporters who have seen the draft. Now is probably a good time for us outsiders to all wait for the official announcement. I imagine it would come shortly after the White House report.
I agree with you. But I am a bit bewildered by the selection of an intel officer to lead this effort — not to degrade Alexander in any way, but we seem to continue to lock the technology specialists in the back room. The we are perplexed when systems and policy don’t work well together. My experience is that if you put an intel (or fill in the blank) officer in charge, then you will get an intel-oriented solution. We all fall back on our career experiences and strengths….