http://www.ndu.edu/press/what-US-cyber-command-must-do.html By Wesley R. Andrues Joint Force Quarterly Issue 59 - October 2010 Wesley R. Andrues is the Plans and Readiness Division Chief for the U.S. Army Global Network Operations Center. In June 2009, the Secretary of Defense announced the creation of U.S. Cyber Command (USCYBERCOM), a new subunified command to be led by the director of the National Security Agency (NSA). While the press colored the announcement with Big Brother undertones and hints of civil liberties surrendered, the real story lies in the intriguing legal landscape of USCYBERCOM and what it could mean for the security, efficiency, and economy of the military's networks. The Department of Defense (DOD), the largest single consumer of Federal information technology dollars, has struggled for decades to bring a singular voice and management process to its communications infrastructure. Although this is not the stated intent of the new command, USCYBERCOM must ultimately reconcile its role in information technology "ownership" and draw clear operational boundaries if it is to administer cyber security through unified standards and procedures. As USCYBERCOM now has its first commander and begins shaping its core functions, fundamental changes in the legal landscape must occur in parallel with the new organizational structure if the command hopes to effect a "comprehensive approach to Cyberspace Operations."1 In short, it must go beyond cosmetic organizational change and set to work on a campaign that genuinely reduces interdepartmental friction, repairs ailing processes, and truly empowers it to meet its mission, both specified and implied. Step One: Establish Priorities To compel its components to organize confidently and appropriately, USCYBERCOM must provide solid, intuitive operational imperatives and priorities. What tangible problem does the command seek to solve, and how does the formation of this single entity contribute to the integrity of DOD networks? One of the main impediments to answering this question is the lack of any meaningful cyberspace doctrine, or at least a serious consideration of how cyberspace operations differs from the closely related computer network operations, which is itself a key component of information operations. How does the emerging rubric of cyber now fit against the broad operational backdrop of information operations as a whole? This is an elemental question that demands top-down clarification if USCYBERCOM expects to contain its mission space and lead decisively. The question must be answered: Is it about securing the network itself, or achieving military effects through the targeted application of information in all its forms? To call it both takes a middle road that complicates the identity of this new command and makes task organization exceedingly difficult. It is not that DOD has failed to invest intellectual capital toward defining cyberspace. On the contrary, a good deal of self-examination is under way across all the Services, yet precious little substance has emerged signifying a strong, novel environmental foundation. To its credit, the Joint Staff devoted significant effort toward articulating broad cyberspace priorities in its National Military Strategy for Cyberspace Operations (2006). The basic premise echoed the notion that the United States must secure freedom of action in a "contested domain" and deny the same to its adversaries, yet its ambitious goal of achieving "military strategic superiority in cyberspace" glosses over the vast complexity of such an all-consuming endstate. [...] _______________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Tue Sep 14 2010 - 23:26:08 PDT
This archive was generated by hypermail 2.2.0 : Tue Sep 14 2010 - 23:39:56 PDT