Despite the fact the U.S. military has a component fully dedicated to cyberspace, this command is typically not involved in the majority of major cyber incidents that occur.
If you talk about the number of things that happen that you see in the press, “most of those, people always ask: 'Is Cyber Command involved?' Typically we’re not,” Cyber Command’s deputy commander, Lt. Gen. Kevin McLaughlin, said at the Air Force Association's Air, Space and Cyber Conference on Sept. 20. “We track it all and we pay close attention to it, but the attacks of significant consequence is a threshold. It’s not specifically defined … we want enough flexibility as a nation.”
McLaughlin was pointing to the threshold in which the military gets involved in cyber incidents that occur within the U.S. border. Under the military’s support to civil authorities, which also transitions to the physical world — especially during natural disasters — Cyber Command will lend a hand only in “attacks of significant consequence,” in line with one of the command’s three mission sets.
Acting Assistant Secretary of Defense for Homeland Defense and Global Security Thomas Atkin told the House Armed Services Committee in June that the government has a responsibility to defend against attacks of significant consequence, determined by whether there is loss of life, physical damage, an economic impact or an impact on American foreign policy, noting that these factors are determined on a case-by-case basis.
“As far as an attack of significant consequence, which [the Department of Defense] DoD would respond to in the homeland, we don’t necessarily have a clear definition that says this will always meet it,” Atkin said, noting the decision is based upon the four aforementioned criteria. “There are some clear lines in the road, which we would evaluate any specific cyber act or incident in how we would respond to that.”
Cyber red lines: ambiguous by necessity?“U.S. Cyber Command isn’t the entity that decides whether something that happened was an attack on the United States, that’s a policy decision,” he said. “Our contribution to it is having the robust and experienced ISR intelligence capacity connected with other parts of DoD and then we connect that more broadly within the government.”
McLaughlin also added that the government has laid out the policy and responsibilities for those involved during such a crisis. Most of the things you read about in the paper, he said, are either a law enforcement issue or it’s some activity — not against a DoD target but against a broader U.S. target in which DHS has responsibility.
“Our part is making sure we have great, robust intelligence capabilities that contribute to that and that we are ready as soon as something happens that trips that threshold, whether it’s a nation-state attack that DoD is responding to or it’s that attack of significant consequence. At that point, our forces deploy and are ready to respond in any way that we can,” he said.
These ISR roles also include looking for the top cyberthreats in terms of what they are doing, what they are planning and what they are executing in terms of operations. While the theft of credit card data and criminal activity in cyberspace used to be a major problem — to the extent it persists — McLaughlin noted that this is not what the key trends are anymore. Rather, the key trends today are data being stolen for other purposes and network intrusions.
“We’re really interested in securing our data. We’re the big repository for the personal data of where our forces are kept [and] we’re beginning to watch where adversaries actually want to fight and own and take over your networks,” he said. “So can you trust that the network that you have, your cyber terrain that you’re in charge of, that the data within it has good integrity? So we see examples of adversaries that increasingly want to take over and fight for control or ownership of your own networks. That’s different than stealing data … it’s a different military problem.”
McLaughlin, while declining to offer specific details regarding current operations, outlined his concerns as they relate to the Islamic State group. Noting that Cyber Command’s commander, Adm. Michael Rogers, testified to this point recently in front of Congress — saying that ISIS “remains the most adaptive target I’ve ever worked in 35 years as an intelligence professional” — McLaughlin said Tuesday that ISIS is “of the most adaptive and skilled adversaries in cyberspace in terms of their use of IT and secured communications, especially robust use of commercially available capabilities.”
Cyber Command leader: ISIS is 'most adaptive target' seen in 35 years of intel“Commercially available encryption is causing a huge challenge to law enforcement and intelligence communities,” Michael Leiter, former director of the National Counterterrorism Center, said in September. “It’s not that intelligence and law enforcement ever had a perfect vision into what [terrorists] were doing anyway, but the widely available nature of commercial encryption makes surveillance ... much more difficult. And terrorists understand that and they’re taking advantage of it.”
Clapper: Technology helps, harms national securityTerrorists, Leiter continued, are also trying to take advantage of technologies such as drones and cyber. Terrorists, especially homegrown extremists, don’t need very advanced technology to make a big difference, he said. “Largely, the edge that [terrorists have] gotten is an appreciation of our weaknesses and how they can do things without great technology,” he said. Terrorists like simple things that work, such as driving large trucks laden with explosives through crowds or barriers or traveling to nations where automatic weapons are readily available, he added.
In cyber, he continued, you don’t have to be a nation-state with millions of people, but you have to have a small number of very skilled people to have a big effect.
“What’s fascinating about cyber is a keystroke, thousands of computers can stop working,” he said. To generate the same effect in the physical domain, “I’ve probably got to do something to generate thousands of physical strikes. … We can do that well as an Air Force, but it’s a different notion in cyber.”
No comments:
Post a Comment