August 19, 2014, FORT MEADE, Md. (NNS) – U.S. Cyber Command continues to expand its capabilities and capacity, Navy Adm. Mike Rogers said Aug. 14.
The Cybercom commander was speaking during an interview at the NSA headquarters building here. Rogers is also director of the National Security Agency and chief of the Central Security Service.
“The decision to create [Cybercom] was a … recognition of a couple things. No. 1, the increasing importance of the cyber domain and the cyber mission set in Department of Defense operations in the 21st century,” Rogers said.
Such a command would add to the department’s ability to protect and defend its networks, and give policymakers and operational commanders a broader range of options, he said.
The second consideration involved DoD’s mission to defend the nation, coupled with the potential of nation-states, groups and individuals to conduct offensive cyber activities against critical U.S. infrastructure.
In that scenario, the admiral said, defense officials thought it was likely the president would “turn to the secretary of defense and say, ‘In your mission to defend the nation, I need you to do the same thing here in the cyber arena against this mission set critical to U.S. infrastructure, and I need an organization capable of doing that.’”
These conditions led the department to realize the need to create a traditional warfighting organization capable of executing a spectrum of cyberspace missions, Rogers said.
And, he added, they knew they needed to do so “with a dedicated professionalized workforce. This is not a pickup game where you just come casually to it.”
Rogers said he focuses on five priorities for Cybercom.
These are to build a trained and ready cyber force, put tools in place that create true situational awareness in cyberspace, create command-and-control and operational concepts to execute the mission, build a joint defensible network, and ensure Cybercom has the right policies and authorities that allow it to execute full-spectrum operations in cyberspace.
Making progress is important to Rogers, who characterized his ultimate goal as bringing Cybercom to a level where it’s every bit as trained and ready as any carrier strike group in the U.S. Central Command area of responsibility or any brigade combat team on the ground in Afghanistan.
“My objective during my time as the commander, first and foremost,” the admiral said, “is to ensure that we have brought to fruition the operational vision in cyber … [to make sure] it’s something real, it’s something tangible, and it is operationally ready to execute its assigned missions.”
That is happening as Cybercom brings its warfighting capability online, with the services generating a total cyber mission force of about 6,000 people by 2016, all trained to the same high standard and aligned in 133 teams with three core missions:
— The Cyber National Mission Force, when directed, is responsible for defending the nation’s critical infrastructure and key resources;
— The Cyber Combat Mission Force provides cyber support to combatant commanders across the globe; and
— The Cyber Protection Force operates and defends the DoD information network, or DoDIN.
Defending the DoDIN is the focus of a partnership in progress with the Defense Information Systems Agency, or DISA.
The agency provides command and control and information-sharing capabilities and a globally accessible enterprise information infrastructure to warfighters, the president and national leaders, and other mission and coalition partners.
DISA, Rogers points out, is also a combat support agency.
“I have always believed … that we need to integrate operations and networks and our defensive workforce into one team,” Rogers said, “and that you are more effective in operating a network and in defending a network when you do it with one integrated approach.”
As a result, Rogers’ team decided they needed to create a relationship with DISA, he said, adding, “At the moment there’s no formal [command and control] line between us, but we’re in the process of creating one.”
As part of that process Rogers collaborates with Halvorsen and Hawkins.
“What I think we need to do,” he said during their meeting, “is create an operational construct that creates a direct linkage [between] U.S. Cyber Command, DISA and U.S. Cyber Command service components.”
It’s critical that the relationship includes the service components, Rogers said, “Because, under the current network structure today, those networks are largely run by [the] services. So we’ve got to create a relationship between DISA and the services that is very operational because you’ve got to maneuver networks, you’ve got to react to changes, and you can’t do that in a static kind of environment.”
He added, “We’re in the process of doing that and I expect to roll it out in the fall. … You’ll hear it referred to as JFHQ DoDIN,” he said, or Joint Force Headquarters DoD Information Networks.
Rogers said that he, Halvorsen and Hawkins agree that this is the future of DISA.
“[DISA] will operate on the networks. They’ll be part of our defensive effort so they will be out operating on the networks just like us,” he added.
“One of the core missions is the defense of the DoDIN,” Rogers said. “The forces associated with that mission will be assigned to DISA, to the services [and] to the combatant commanders.” So, he added, DISA will have operational control over some of the cyber mission force to help execute their mission.
Another of Rogers’ priorities for Cybercom is to help develop a common situational awareness of “what’s happening in DoD networks,” he said.
The commander highlighted the need for speed and agility in the cyber arena, adding, “If you can’t visualize what you’re doing … you’re not going to be fast or as agile, and thus arguably not as effective as you need to be.”
Rogers said, “As an operational commander I am used to the idea of walking into a command center, looking at a visual depiction that through symbology, color and geography enables me to very quickly come to a sense of what’s happening in this space. We are not there yet in the cyber arena.”
Establishing situational awareness in the cyber realm takes a combination of technology and capability, the admiral said, along with determining what knowledge is needed and what elements contribute to it.
“Is what U.S. Cyber Command needs to know about what’s going on in the network world the same thing as a strike group commander needs in the Western Pacific? The same thing an Air Force air wing needs in Minot, North Dakota? The same thing a brigade combat team needs in Afghanistan? It will vary, so we’ve got to create a system that you can tailor to the needs of each commander,” he said.
Rogers noted there are many ongoing efforts to improve situational awareness, pointing out the need to work collaboratively to fix the problem.
“We do have some tools right now,” he added. “They’re just not as mature and comprehensive as I’d like them to be.”
Cyber is foundational to the future, the admiral said, and he often comments to his fellow operational commanders that cyber is a mission they have to own.
“The wars of the 20th century taught most warfighting professionals that, no matter what you do, a good foundational knowledge of logistics is probably going to stand you in good stead,” Rogers explained.
In the 21st century, he added, operational commanders may find that, regardless of their mission, they will need a sense of what’s going on in their networks, where they’re taking risk, and the impact of network structure and activities on their ability to execute the mission.
“It’s not something you turn to your communications officer … or your CIO and say, ‘I don’t really understand this. Go out and do some of that for me.’ That isn’t going to get us where we need to go,” the admiral said.
Rogers elaborated on the need for Cybercom to be ready.
During his time as Cybercom commander, he said he expects that a nation-state, group or individual will attempt to engage in offensive, destructive capability against critical U.S. infrastructure, from the power grid to the financial sector.
The Presidential Policy Directive for Critical Infrastructure Security and Resilience outlines 16 designated U.S. Critical Infrastructure sectors.
Rogers says he tells his team they have to be ready to respond to such a call. But for an attack on the United States, Cybercom will support the Department of Homeland Security, which is the lead agency for broader security protections associated with critical infrastructure, and partner with the FBI, which is the lead agency for domestic attacks and law enforcement.
“Our biggest focus really is going to be bringing our capabilities to bear to attempt to interdict the attack before it ever gets to us,” the admiral said.
“Failing that,” he continued, “we’ll probably also have some measure of capability that we can provide to work directly with those critical infrastructure networks to help address the critical vulnerabilities and where the networks could use stronger defensive capability.”
To prepare for such interagency collaboration in the event of a domestic cyberattack, the command trains as it will fight, Rogers said.
“In the military I’m used to the idea that you train like you fight. So we exercise [and] we replicate the things we think are going to occur in a combat scenario,” the admiral said. “I want to do the exact same thing with the same set of teammates I’m going to operate with if we get the order to do so.”
The department and Cybercom already do internal exercises, he said, as well as ongoing interagency exercises such as Cyber Guard, in which elements of the National Guard, reserves, NSA and Cybercom exercise their support to DHS and FBI responses to foreign-based attacks on simulated critical infrastructure networks.
The whole-of-government exercise, completed June 17, was designed to test operational and interagency coordination and tactical-level operations to prevent, mitigate and recover from a domestic cyber incident.
Cyber Guard is a good example, Rogers said, “but I want to build on that. DHS and FBI were there but I think we can do even more.”
Information sharing and partnerships with the critical infrastructure sectors are an important aspect of enabling Cybercom to more effectively interdict and stop an attack, if directed to do so by the president and defense secretary, he added.
The cyber threat is growing increasingly complex, the Cybercom commander said, and a more diverse set of actors is involved in the mission set, “from nation-states that continue to increase their capabilities, to groups, to individuals.”
In broad terms, he added, “you don’t see a crisis in the world today that doesn’t have a cyber aspect to it.”
For that reason and others, the ultimate construct of Cybercom must be flexible, the admiral said.
“If you want to develop full-range capabilities and generate the maximum flexibility for their application, you’ve got to build a construct that recognizes we’re going to be supported sometimes, we’re going to be supporting other times, and sometimes we’re going to be doing both simultaneously,” Rogers said.
In one scenario Cybercom might be helping the commander in the Pacific, he said, and “at the same time we might be driving efforts to secure the U.S. financial infrastructure … and trying to support U.S. Central Command.
“It’s just the nature of things,” Rogers said, “because cyber is so global and so foundational.”