Pentagon Cyberspace Plan Is a Work in Progress

by












  Space News Business

Pentagon Cyberspace Plan Is a Work in Progress

By TURNER BRINTON
Space News Staff Writer
posted: 13 May 2009
02:09 pm ET






WASHINGTON
— As the U.S. Defense Department continues working to understand how it will organize itself to conduct operations in cyberspace, a recent report from the National Research Council found the
United States
is behind the curve in developing the decision-making and oversight mechanisms required to fight in the domain.

The Pentagon in recent years has come to view cyberspace dominance as critical to defending the nation and is now preparing for cyberspace operations just as it does for the other warfighting domains, Army Lt. Gen. Keith Alexander told a U.S. House of Representatives panel May 5. Alexander is director of the U.S. National Security Agency at
Fort Meade
,
Md.
, and also commander of U.S. Strategic Command’s Joint Functional Component Command for Network Warfare, which was recently given responsibility for both the military’s offensive and defensive cyberspace operations.

The next step in positioning the department to wage cyber warfare is a more substantial reorganization, which may be to establish a new cyber command under Strategic Command that would be headquartered at
Fort
Meade
, Alexander said in written testimony submitted to the House Armed Services’ terrorism, unconventional threats and capabilities subcommittee.

Alexander said
U.S.
operations in cyberspace are still immature and that government work force training remains inadequate and must be improved. He also said defense of
U.S.
networks must be made accountable at the highest levels, and that more networks security functions must be automated to move quickly enough to stay ahead of the threat.

Most of what the military does in offensive cyberspace is highly classified, and that secrecy has impeded an open debate on the legal and policy issues that surround cyber warfare, according to the National Research Council’s April 29 report, “Technology, Policy, Law and Ethics Regarding U.S. Acquisition and Use of Cyber Attack Capabilities.”

The report found the legal and policy framework around the
United States
‘ use of cyber attacks to be ill-informed and undeveloped, and that the decision-making and oversight mechanisms for implementing those attacks are inadequate today. It said the United States has much to lose in cyber warfare as the ease of cyber attacks is increasing and critical national infrastructure is more reliant on computer networks than ever before. Much of what goes on in cyberspace is not attributable to nation-state actors, and enduring unilateral dominance is not realistic or achievable, it said.

The report recommended fostering an open national debate on the policies of cyber attacks and establishing a national policy for cyber attacks across the government. The government should also develop a clear set of circumstances for how, when and why cyber attacks would be used, and report periodically on cyber attacks made by defense, intelligence and law enforcement agencies. The
United States
should also apply the moral and ethical principles of armed conflict to cyber warfare, and
U.S.
policymakers should judge the significance of cyber attacks on the basis of both their direct and indirect effects.

Meanwhile, responsibility for protecting Air Force computer networks was recently delegated to Air Force Space Command, which is in the process of adding some 7,000 government, civilian and contractor personnel to perform the mission. Air Force Space Command will stand up a new numbered Air Force to lead this task: the headquarters for the 24th Air Force has not yet been determined, but it will have two subordinate wings at Lackland Air Force Base, Texas, and Tinker Air Force Base, Okla., Air Force Lt. Gen. William Shelton, chief of warfighting integration and chief information officer in the Office of the Secretary of the Air Force, said during the hearing.

To train these new people, the Air Force is enhancing its training programs via measures such as expanding its distance learning capabilities, including cyber security in its professional military education courses and adding a cyber security block to Air Force basic military training.

Reductions to the size of the Air Force over the past several years, along with the general decrease in the number of engineers, scientists and mathematicians coming out of
U.S.
universities, had made expanding the service’s cyber work force difficult,
Shelton
said.

“Despite the economic downturn, the competition for these people remains fierce,”
Shelton
said in written testimony. “We are working hard to recruit the cyberspace warriors of tomorrow and to retain the great people we have in these positions today.”