Photo: Wikipedia.org

A new memo from the Defense Department says the responsibilities of DoD chief information officer won’t be transferred to Cyber Command.

Posted online July 5, the undated memo is signed by former Defense Secretary Robert M. Gates, who recently resigned from his role.

According to the memo, obtained by FierceGovernmentIT, Gates had previously “tentatively agreed to a conceptual approach” under which significant responsibility for the operation of DoD networks would have transferred away from the DoD CIO and Defense Information Systems Agency to Cyber Command.

However, “significant policy, operational and practical concerns” prevent that from taking place, and DoD was back at square one with trying to figure out the duties of the DoD CIO.

“To this end, I believe the best course for the department is to return to the original goal of disestablishing [Networks Integration and Information] into a smaller and more focused and strengthened Chief Information Officer Office that has a strong relationship between DISA and CYBERCOM and achieves savings from eliminating functions that are duplicative or no longer necessary,” Gates writes.

The memo requests that acquisition oversight of major automated information systems and responsibility for netcentricity and command and control systems be transferred to the Office of the Under Secretary of Acquisition, Technology and Logistics by Sept. 30

Gates also calls for an enhanced relationship and clearer delineation of responsibilities between CIO, DISA and Cyber Command, “consistent with my decision to retain responsibility for DISA within CIO.”

Gary Gagnon, MITRE

Gary Gagnon joined The MITRE Corporation 24 years ago and has been working mostly in information security. Today, he is the corporate director for cybersecurity, responsible for defining the corporate strategy for cyber as well as managing its execution. Additionally, Gagnon leads security efforts related to MITRE’s IT infrastructure. Here, he talks to The New New Internet about MITRE’s latest cyber efforts, the biggest cyber threat today and recruiting top talent.

The New New Internet: An important consideration in cybersecurity is making sure that adequate security exists while still providing information to the people who need it. How does MITRE look to handle this issue?

Gary Gagnon: What we’ve come to realize over the years is that it’s really, fundamentally, about your architecture and how you design your networks. We think, at this point, that the adversaries we are seeing on the Internet are so determined to compromise systems that they’ll eventually get in. The only way to address this problem is through a redefined architecture, which protects your most sensitive data from that connection to the Internet. We talk about things like resilient secure architecture with zones of trust built into the architecture.

The New New Internet: What are some of the major cybersecurity efforts currently underway at MITRE?

Gary Gagnon: We are trying to reach out to the larger cybersecurity community about how you would redesign systems. How would you even talk about this in a common way: What’s the taxonomy and framework? How would you design these resilient architectures? So, not only are we thinking about ourselves and our internal architecture but we’re trying to engage the larger cyber community in a dialogue on how these new architectures would look and what their attributes should be.

The New New Internet: I understand that MITRE is running on Honeyclient as a method to fight malware distributors. Can you elaborate on that?

Gary Gagnon: The Honeyclient was a research activity that was started a few years ago. It was designed to combat the problem of email messages that users would receive with embedded links to external websites. Once somebody inside an organization clicked on that web link, their browser would go out to that site and it would compromise their computer. So, we introduced a research prototype to ferret out malware such as Internet worms.  If the Honeyclient finds changes to sensitive system files or keys, it flags the URL as potentially malicious.  We’re pleased to say that we believe commercial industry has picked up on this concept and there are products that are emerging now that do very similar things.

The New New Internet: What do you see as the biggest threat in cyberspace?

Gary Gagnon: I think it is economic. Opponents are attacking systems at an increasing rate. From a defensive side, this costs businesses a lot of money not only for protection strategies but also for cleanup. We somehow have to get our arms around this issue. We have to find a way to raise the costs for our opponents while not significantly raising the costs for our defenders.

The New New Internet: How important do you think the Cyber Command and Gen. Alexander as commander are to ongoing cybersecurity efforts?

Gary Gagnon: I think those were seminal events in that they really focused the attention of senior levels of both the military and the federal government on this topic. I’ve been in the business for a while and security has always been important, but this seems to have really raised it to a new level. It should go a long way in helping to develop coordinated strategies on how to deal with this topic.

The New New Internet: There has been a lot of talk about the lack of skilled cybersecurity experts. How does MITRE attempt to recruit and retain top talent?

Gary Gagnon: Yes, it is problem. We are reaching out to academia to identify those institutions that are providing students with cutting-edge programs in cybersecurity. One of the programs we partner with is Scholarship For Service, funded by the National Science Foundation to aid undergraduate and graduate students in this field. Inside MITRE, we think that every system engineer needs to understand cyber and how to incorporate it into their discipline. We want to have cyber be in the DNA of the MITRE system engineering brand.

The New New Internet: What has been your greatest challenge in the cybersecurity field?

Gary Gagnon: Talent. Finding qualified individuals who really understand the ins and outs of how to defend against cyber attacks has and will continue to be a challenge in the years ahead. Also, helping to motivate commercial industry to develop new and innovative products in this space. Many of the products that are out there today have been around for a while. I think we need some new thinking. We talked about what you do after first contact with your opponent. What might some products look like that help you in an agile defensive strategy?

Gen. Keith Alexander

During a recent roundtable with reporters at the National Cryptologic Museum, Cyber Command chief Army Gen. Keith B. Alexander said while the Internet is a tremendous capability, it also is an enormous vulnerability.

“Our intellectual property here is about $5 trillion,” he said. “Of that, approximately $300 billion is stolen over the networks per year.”

Alexander is the first commander of Cybercom, which stood up under U.S. Strategic Command in May, combining Department of Defense’s defensive and offensive cyber arms into one command. The command’s main missions: defend the defense information grid, launch cyber operations on command, and stand prepared to defend the nation’s freedom of action in cyberspace, the general said.

Instead of trying to militarize cyberspace, Cybercom is about safeguarding U.S. military assets, Alexander explained earlier this summer. The command has a budget of $120 million for this year and employs roughly 1,000 military and civilian workers. Included in this is a around-the-clock joint operations center that monitors the grid, detects attacks and neutralizes them. Working with the Air Force, Navy, Army and Marine Corps cyber commands, Cybercom parcels out how to defend the networks and who has responsibility for the specific nets.

Assigning responsibility needs to happen throughout the government, the general said, noting that technology has outpaced policy and law. The government, he added, still is dealing with laws that came out when the nation relied on rotary phones.

Because there is confusion over who does what, the White House is spearheading an effort to sort through the needs of cybersecurity and update the policies and issues, Alexander said. Once the review is finished, Obama must determine how the federal government will be organized to handle this, he added.

Congress is also looking at the problems, and Alexander said he would like to “war-game it and hypothesize what could happen and ensure the policies, laws and authorities allow us to do what people expect us to do.”

The general said he envisions a team handling things in cyberspace. DHS, the FBI, other government agencies and private stakeholders, and Cybercom all have a role, and all of them to collaborate will be a priority for cyber defense, he said.

Alexander said some questions still need to be answered, such as the definition of cyber attacks, how the laws of war apply to operations in cyberspace, and how deterrence looks in cyberspace.

Gen. Alexander

As the federal government ups the ante against cyber adversaries, the civilian and military officials leading those efforts are committed to adopting meaningful measures to protect citizens’ privacy, National Security Agency Director Gen. Keith B. Alexander said on Tuesday.

Speaking at the O’Reilly Media Gov 2.0 Summit in Washington, D.C., Alexander addressed the issue that better security may come at the expense of personal privacy. EsecurityPlanet.com quoted Alexander as saying:

“As the director of NSA and the commander of U.S. Cyber Command, I have an obligation to the law and to the American people to ensure that everything we do in cyberspace preserves and protects our civil liberties and operates legally under the constitution, while concurrently conducting our mission.”

The general spoke of the mandate of U.S. Cyber Command, which has brought together existing military information security units, and works collaborates with NSA. The Cyber Command also provides support to civilian agencies in the information-security arena.

Alexander also spoke of the daily cyber threats targeting the U.S. government’s systems, adding how these assaults are only growing.

“Considering the body of both personal and national treasure that resides on the Internet — information, money, medical records, personal email, critical infrastructure and, most important, national security — it is not a hyperbole to say that we have as much at risk or more than any other nation,” he said.

Gen. Kevin Chilton

After spending most of the past decade defending the Department of Defense’s computer networks, the Joint Task Force Global Network Operations command cased its colors.

Air Force Gen. Kevin P. Chilton, commander of U.S. Strategic Command, presided over the ceremony. He said that although the ceremony marked the end of the task force’s tenure, its mission continues.

“Today, we’re rolling the flag at JTF-GNO, but we’re not rolling the mission,” he said. “This mission will continue on at U.S. Cyber Command and will be as essential tomorrow as it is today to the United States of America.”

Initially, the mission of the task force was to conduct offensive and defensive cyber operations. The task force was later redesignated as JTF Computer Network Operations to assume the offensive role. The JTF Global Network Operations also was established.

The new task force’s mission was to direct the operation and defense of the global information grid throughout war fighting, intelligence and business missions within the department.

Since its activation, JTF Global Network Operations has ensured support to Operation Iraqi Freedom, Operation Enduring Freedom in Afghanistan, Operation Noble Eagle and the overall global war on terror.

Cybercom was activated in May. The JTF Computer Network Operations followed soon after. JTF Global Network Operations’ deactivation culminates years of work and effort to integrate Cybercom into its operations, Chilton said.

JTF Global Network’s final commander Army Lt. Gen. Carroll F. Pollett assumed command of JTF Global Network Operations and duties as director of the Defense Information Systems Agency in November 2008. He remains director of DISA.

As the JTF Global Network Operations colors are retired for the final time, Pollett said he is reminded of the historical significance of the transition of the task force to Cybercom. The information environment, he said, has evolved dramatically, and today the information grid is more than something that enhances capabilities.

“[Information] has become an operational imperative in our ability to deliver decisive capabilities to warfighters and our national leaders,” the general said. “Cyberspace has evolved into a new warfighter domain. Cyberspace has proven equal and just as important as air, sea, land and space as a domain. It’s clear that it must be defended and operationalized.”

Pollett praised the people under his command for their efforts, calling them “pioneers” on the cyber domain front.

“It’s an honor to recognize the [JTF Global Network Operations] men and women, past and present, for their extraordinary accomplishments in working in the cyber domain,” he said. “You led the way for dramatic changes in the Department of Defense as the mission, requirements and threats evolved.”

Roger Anderson

Roger Anderson has been involved in intelligence-related activities his entire career. In the 1980s, he worked on Department of Defense TIARA programs while at the Georgia Tech Research Institute. He then joined the CIA and spent 15 years there, working on all of the NFIP programs with the primary focus on SIGINT and technical collection missions. As a SIGINT-focused officer, Anderson worked with the NSA and completed three tours there. He took early retirement in 2002 and has since been a contractor. His contractor roles have included executive vice president for Mnemonics, Inc., and senior executive account manager for Harris Corporation’s largest IC account. A former coworker at Harris who had previously joined AST asked if Anderson would be interested in building a new AST business unit focused on cyber. “The opportunity appeared interesting, so I joined them,” Anderson said.

TheNewNewInternet: As vice president of network intelligence, what do your current responsibilities include?

Roger Anderson: I am responsible for the company’s portfolio of activities related to CNA/CNE/CND missions, independent of the procuring customer.

TNNI: What are some of the core competencies AST brings to the table in this space?

Anderson: For AST’s 26-year history, it has largely been known as a leader in SIGINT Survey & Selection Equipment (S&SE). As such, we have a deep understanding of all the significant communications technologies and protocols employed worldwide. Whereas AST’s legacy focus has been on hardware-based devices that exploited the lowest three layers of the ISO protocol stack, my division is going to focus more on software that exploits layers three through seven – building systems that help customers better understand in real-time what is occurring in their networks, whether that be detecting malicious activities, identifying critical vulnerabilities, or providing improved network management tools.

TNNI: What are some key products/services AST provides that can help address federal cybersecurity challenges?

Anderson: Most of our current technology has been developed to address IC missions; however, the same technology is directly applicable to DoD, DHS and DISA needs. We are currently adapting a suite of tools for the federal market that is based upon products we have deployed for IC missions. These tools will range from deep packet inspection, metadata processing, malware detection, network management and visualization to an integrated suite of CNA tools for the emerging DoD offensive missions. In addition, I have an engineering services business unit that works hand-in-hand with our IC and DoD customers to architect, design, develop, integrate and operate mission solutions from within customer facilities. These engineers have an excellent understanding of the key mission needs due to their proximity and exposure to daily mission activities. We are using their ideas to focus our IRAD investments and to prioritize our future products rollout.

TNNI: How do you think the cyber threat will change over the next coming years?

Anderson: Everything will be connected. As mesh networking, cloud computing and ubiquitous sensors become reality over the next decade, they will present both opportunities and challenges. Challenges on the defensive front and increased opportunities for exploitation on the offensive front. The hardest part of the cyber threat has, and will be, the fact that it is continuously evolving.

TNNI: What are some emerging technologies or processes that can be leveraged to improve cybersecurity in the federal government?

Anderson: Effective identity management, better authentication of communications and a better architected set of security appliances are critical. Today’s security appliances, which do a reasonable job (if configured properly) of defending against hackers and script kiddies, probably aren’t much defense against a nation-state with the resources, intent and political will to get into any network.

TNNI: From a business perspective, where would you like to be in the federal cybersecurity market a year from now?

Anderson: Our initial focus has been on the IC because we understand it the best. We have made successful entries into multiple special DoD cyber activities, and we’ll continue growing those. We’re very interested in DHS and are watching closely to see how its plans play out.

TNNI: How do you see the future of intelligence collection? Will it focus on HUMINT or SIGINT?

Anderson: Both will continue to be critical. HUMINT can be a key enabler to SIGINT missions and, if the corresponding lead agencies can work past their institutionalized parochialism, they can do great things together.

TNNI: What do you think the definition of cyber warfare should be?

Anderson: To deny, disrupt, or degrade the operation of an adversary’s computers, communications, or critical infrastructure.

Gen. Alexander

The Internet provides great opportunities and “tremendous vulnerabilities,” according to Gen. Keith Alexander, who spoke last week at an event in Washington, D.C.

“Our data must be protected,” Alexander, who was recently confirmed as the head of U.S. Cyber Command, said at an event hosted by the Center for Security and International Studies.

During his address, Alexander touched on the need for CYBERCOM to partner with federal departments and agencies.

“Cybersecurity is among the most important current and future challenges the DoD and our nation faces,” he said. “It is a privilege and honor to be a part of our cyber team.”

Alexander went on to discuss the need to establish clear rules of engagement in cyberspace, in order to prepare the United States to be able to respond in the event of a cyber attack.

“What we have to establish are clear rules of engagement that outline what we can stop,” he said. “What the Department [of Defense] is looking at is what are the standard rules of engagement that we have and do those comport with the laws and responsibilities that we have?”

For Alexander, this means approaching the issue from two perspectives: how the country operates during peace and during war.

“I think we need to look at it in two different venues,” he said. “What we’re doing in peace time and what we need to do in war time to support those units that are in combat.”

When asked about Russia’s recent proposal to establish a cyber limitation treaty, Alexander said that it was certainly a good starting point.

“I do think that we have to establish the rules,” he said. “I think that what Russia put forward is perhaps a starting point for debate, not at my level but at levels above me.”

Developing a common global consensus will be a key provision to future cybersecurity, Alexander said.

“If nation-states agree what we are going to do to deter malicious actors in cyberspace, that will go a long way,” he said.

Alexander also discussed the need for oversight to ensure that what CYBERCOM was doing is within the legal guidelines of the United States.

“I think the key in this is oversight,” he said. “The way we’ve set up the oversight is by having a set of oversight mechanisms by all branches of the government.”

The real issue with demonstrating oversight is that the military does not want to reveal its cyber capabilities or vulnerabilities to foreign aggressors, Alexander said.

“The hard part is we can’t go out and tell people exactly what we did or we give up capability that may be extremely useful in protecting our country and our allies,” he said. “That’s what I see as the two things we balance. I do spend a lot of my time with the Court and with Congress to explain what we are doing.”

Oversight is “growing and getting better,” Alexander said. “We spend a lot of time on that.”

“I think that’s the most important step and we’re doing it,” he said.

CYBERCOM is the latest in the growing effort by the United States to better secure its networks, Lynn said. It is a sub-Combatant Command of Strategic Command and is responsible for cybersecurity across Department of Defense networks.

“We want to be able to maintain those advantages and protect the military missions, and that is the main mission of Cyber Command – it is to protect the military networks,” Lynn said. “It will have a role, though, in protecting the government’s networks and critical infrastructure.”

The new command takes the current capabilities and centralizes them, according to Lynn.

“It will be the place where the Department of Homeland Security will come to on cybersecurity matters,” he said. “And it will help rationalize the interagency process.”

The government is still working to see how the United States might respond in the event of a major cyber attack and what role the military might play in helping to defend U.S. networks in the event of such an attack.

“We’re in the midst of a series of meetings the White House is leading to work through a lot of those legal issues,” Lynn said. “We’ve made progress organizationally, industrially and internationally, but the legal regime in particular is an area we need to tackle further.”

“Our ability to predict where the threats are coming [from], even in conventional threats, is remarkably poor,” he added. “We didn’t see Desert Storm coming. We didn’t see the series of events that led to Afghanistan. Foreseeing the threats in cyberspace is harder. With Cyber Command, I think we need to be prepared for the unexpected.”

Gen. Dale Meyerrose

Last week, Lt. Gen. Keith Alexander was confirmed as the head of U.S. Cyber Command, which will be responsible for protecting Department of Defense networks. Alexander, who was nominated back in October 2009, was confirmed by the Senate on May 11.

“I think that Gen. Alexander is a great choice to be the first Cyber Commander,” said Maj. Gen. Dale Meyerrose, vice president and general manager, Cyber Integrated Solutions at Harris Corporation. “He understands this business and he is uniquely positioned to be somebody to set some of the initial precedents and work through the myriad of planning and execution issues that confront the Department of Defense.”

CYBERCOM will be responsible for defense of the “dot-mil” space, and while it may provide support to other agencies and departments, it does not have a lead role in any other domain.

“It is an arm of the Department of Defense,” Meyerrose said. “It may assist other departments but it is the Department of Defense.”

The stand-up of CYBERCOM is unlikely to have much of an impact on Department of Defense contracts for cyber, according to Gen. Meyerrose.

“I don’t think it’s going to have much of an impact,” he said. “We have to understand how the Department of Defense works. This is a sub-Combatant Command underneath a Strategic Command. That means Cyber Command will primarily be responsible for operational control, planning and requirements.”

That structure means that CYBERCOM will not be the principle buyer for cyber technologies and services. Instead, each branch of the military will remain the main buyers, according to Meyerrose.

“Cyber Command may only have a couple hundred people assigned to headquarters,” he said. “And then they get forces assigned to them that they have control over but they don’t own. The services and the joint agencies remain the buyers.”

However, CYBERCOM could influence what types of products and services the different services will buy in the future, according to Gen. Meyerrose.

“Cyber Command will be heavy in operations planning and requirements,” he said. “There may need to be broader coordination of what gets bought by the services.”

The money Combatant Commands receive is significantly smaller than what the services are able to bring to bear. According to Meyerrose, Alexander is unlikely to have a significant budget, as Combatant Commands tend to use their funds for running headquarters, while paying salaries, etc. is still the responsibility of the various services.

Combatant Commands do provide the opportunity for some contracting, according to Meyerrose. The major acquisitions and buying of goods and services remains within the purview of each service rather than with Commands like CYBERCOM, he said.

Keith Alexander

Last week, Lt. Gen. Keith Alexander, director of the National Security Agency, was confirmed by the Senate to head the new U.S. Cyber Command.

CYBERCOM was created by Secretary of Defense Robert Gates back in June 2009 and the command will be responsible for securing the “dot-mil” domain, bringing the cybersecurity responsibilities for the military under a unified structure. This will likely alter the relationship between the military and contractors, with CYBERCOM becoming a focal point for cyber contracts with the military.

Back in October 2009, Defense Secretary Gates announced the appointment of Alexander by President Barack Obama. “We are pleased that the Senate has moved forward with his confirmation,” Pentagon spokesman Bryan Whitman said. “General Alexander brings to the job the leadership to stand up this command, and the skills and expertise that will be critical to the new command in dealing with security challenges in the cyber domain.”

In addition to its responsibilities in securing the military’s networks, CYBERCOM will also provide advanced warning of impending cyber attack and can be called upon to provide support in securing the nation against cyber threats. Nevertheless, during his confirmation hearing in April, Alexander assured members of the Senate Armed Services Committee that CYBERCOM would not be responsible for civilian networks. Instead, DHS would have that responsibility, in coordination with the private sector.

“It is absolutely important to have DHS provide security for those networks,” Alexander said.

In a recent article on The New New Internet, Melissa Hathaway, who led the 60 Day Cyberspace Policy review for the Obama administration, discussed why partnerships are absolutely critical for cybersecurity, and the best way to transform the current partnership structures to make them more effective.

Melissa Hathaway

“Both parties, government and industry, must articulate a direction for future engagement,” she writes. “Industry must be brave enough to say no, we cannot participate in one more effort.  And the government, especially the Department of Homeland Security, and every other executive branch entity with more than one partnership addressing cybersecurity should review and eliminate the overlapping and duplicative efforts.”

The number of cyber incidents continues to increase. During his confirmation hearing, Alexander said the military’s networks experience “hundreds of thousands of probes everyday” and he has “been alarmed by the increase, especially in this year.”

“Our most important resource right now is time,” Hathaway writes. “We can no longer afford to fall short of operationalizing the private-public partnership and secure our Nation’s networks.  I am willing to double down, are you?”