Defense domain, civilian awareness

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Patience Wait
 

Connecting state and local government leaders

By Patience Wait

|

<b>SPECIAL REPORT: The Next Steps for Security | </b> Elder, Garcia walk two sides of the cybersecurity beat.

The world of combat has expanded to include cyberspace as a battlefield. Two men are now responsible for protecting the United States in cyberspace'Air Force Lt. Gen. Robert Elder, who heads the Pentagon's strategic efforts in waging cyberwar, and Gregory Garcia, who handles the defense of the nation's cyberassets.

  • LEAD STORY | Secure Measures


  • Commerce uses encryption to help steel notebooks


  • Cost of two factors adds up


  • Logging data extracts puts some agencies in a bind


  • Agencies feel botnets' light footprint


  • New York battles botnets by testing employees


  • Feds split on FISMA's effectiveness


  • Defense domain, civilian awareness


    • Air Force Lt. Gen. Robert Elder

    Rick Steele

    DHS' Gregory Garcia

    Rick Steele



    Garcia is the first assistant secretary for cybersecurity and telecommunications at the Homeland Security Department. It is he who worries about how to prepare American society'government, commercial interests and individual citizens'to protect themselves from assaults on their electronic assets, whether home computers or nationwide networks.


    The White House appointed Garcia, a former vice president for information security programs at the Information Technology Association of America trade association in Arlington, Va., in September. His former colleagues were pleased with the pick, but did not hesitate to suggest his priorities.


    'I think the first thing is to do the job of making the department more aware of cyber issues and of being a champion for cybersecurity,' said Joe Tasker, ITAA's senior vice president of government affairs. 'We're now at a place where 90 percent of American businesses are on the Internet ... The ubiquity and power of the networks is becoming inescapable.'


    On the offensive side of the equation, Air Force secretary Michael Wynne made it clear when he approved the creation of a Cyber Command that combat already is taking place in cyberspace.


    '[T]he cyberspace domain contains the same seeds for criminal, private, transnational and government-sponsored mischief as we have contended with in the domains of land, sea, air and now contemplate as space continues to mature,' Wynne said in November. 'In cyberspace, our military, America and indeed all of world commerce face the challenge of modern-day pirates, of many stripes and kinds, stealing money, harassing our families and threatening our ability to fight on ground, air, land and in space.'


    Elder, commander of the 8th Air Force, based at Barksdale Air Force Base, La., is the first head of the Cyber Command. The 8th Air Force already had many cyberspace capabilities, including intelligence, surveillance, reconnaissance and electronic warfare, and the creation of this major command gives Elder the responsibility for creating 'cyberspace warriors,' who can react to any threats 24/7, he said.



    ROBERT ELDER


    GCN: What are your two or three top priorities for establishing this new command?

    ELDER:
    Our first priority is to establish cyberspace as a warfighting domain, characterized by the use of electronics and the electromagnetic spectrum.


    Today, cyberspace operations are generally viewed as network operations, information operations, or use of the Internet as an enabler for military operations in physical domains. The Air Force now recognizes that cyberspace ops is a potential center of gravity for the United States and, much like air and space superiority, cyberspace superiority is a prerequisite for effective operations in all warfighting domains.


    Our second priority is to present Air Force cyberspace forces and capabilities to U.S. Strategic Command for their global missions, and to other combatant commanders through their Air Force component commanders for theater operations. This includes establishment of a 24/7-air operations center.


    Our third priority is to develop a plan to organize, train and equip the Air Force to effectively conduct cyberspace operations. We intend to build capacity to conduct cyberspace operations across all aspects of [doctrine, organization, training, materiel, leadership and education, personnel and facilities]. We must develop a robust capability to manage risk for operations in cyberspace.


    GCN: Can you elaborate on the role the Air Force will play in providing cybersecurity, and how it relates to the roles of other governmental offices (civilian and DOD)?

    ELDER: There are many government agencies involved in cybersecurity. Air Force Network Operations is the service component to the Joint Task Force-Global Network Operations and will continue in that role.


    However, as a warfighting domain, cyberspace is much more than computer networks, it is a domain characterized by the use of electronics and the electromagnetic spectrum. Although we didn't call it cyberspace before, we've been operating in this domain at least since World War II, with radar, chaff curtains and telephone networks. ... Superiority in cyberspace will be defined in much the same way as we define air or space superiority'maintaining freedom of action for the United States and its allies, while denying freedom of action to our adversaries.


    Our Air Force command-and-control networks and other cyberspace capabilities must be capable of operating in a contested environment, and we will seek to deny the advantages cyberspace provides to our adversaries. Air Force Cyberspace Command will focus its efforts on military operations in and through cyberspace, but in support of JTF-GNO, will work closely with other government agencies. ... [We] will be postured to support homeland security, critical infrastructure protection and civil support operations using cyberspace.


    GCN: Establishing this command implies there are real threats in cyberspace. Can you describe what's happening on this frontier?

    ELDER: Our adversaries operated in cyberspace in the past, are doing so today, and will do so even more in the future. Your readers are well aware of the attacks they experience with their networked computers every day. The Air Force can't afford to disconnect a [command-and-control] system to purge itself of malware; as a result, we are very aggressive in our efforts to protect and defend these networks.


    Al-Qaida coordinated the 9/11 strike with international and cellular communications, and they trained their pilots on simulators. Additionally, there are now hundreds of anti-U.S. Web sites, including ones actively used for planning and coordinating attacks on U.S. interests, and our adversaries can communicate freely via text messaging and e-mail. If we can establish cybersuperiority, we can inhibit the adversary's ability to use cyberspace as an enabler.


    We have very few peer competitors or entities with similar capabilities, in air, on the ground or at sea. However, we have many potential peer competitors in cyberspace due to its low entry costs. And the cyberdomain is also very attractive to both state and nonstate rogue actors because of its potential to achieve high-impact effects with low probability of detection or retribution. We can't afford to lose the initiative in this area.


    Our dependence on cyberspace demands an even greater emphasis on our ability to ensure freedom of maneuver in the domain. This will entail more than just 'sitting guard' at workstations. It will mean approaching the problem just like we approach defending other physical domains. We need to be prepared to operate in cyberspace while our dominance is being contested.


    GREGORY GARCIA


    GCN: As the first assistant secretary for cybersecurity at Homeland Security, a lot of folks in the business community have high expectations for you. What are your immediate priorities?

    GARCIA: The first is that this function, cybersecurity and telecommunications, is going to lead in the national effort to prepare ... our networks, our information and communications systems, [to] make them more robust against cyberattacks.


    Second, when incidents do happen, we need to have a strong, national coordinated response capability ... in partnership with the private sector, a strong level of incident response that links over to state and local first responders. Over time, the next year or so, I'll be working toward really integrating cyber and communications functions to better reflect the convergence that's taking place in the marketplace. We're looking to secure both the pipes'the transport'and the content'the info.


    Finally, the third strategic priority is to build awareness. This function is a bully pulpit. I want to help develop a well-informed public at both the enterprise level and individual consumer level. ... That's a matter of getting out and talking, doing a lot of talking.


    GCN: Does it really make a difference whether this is done at the assistant-secretary level or lower in the DHS organizational chart?

    GARCIA: It has made a difference already, just simply by virtue of there being somebody at this level. It sends a clear [message] of the priority that this administration places on cybersecurity, communications security. I have briefed the secretary a couple of times now; he is engaged and considers this a priority.


    GCN: How have you been working on these priorities?

    GARCIA: One of the first things that I pushed for, and that we're close to having done now, is co-locating the U.S.- Computer Emergency Readiness Team (CERT) and the National Coordination Center, the communications industry/government partnership for watch and warning. That's going to facilitate the information sharing we need between industry and government [and] build our incident response capability. ... That is one of the reasons I was brought on to DHS, in recognition of my strong ties with industry.


    A couple of the high-level things we really need to do [are] work with [the Office of Management and Budget] to raise the bar for federal agencies, to strengthen all of our security.


    Secondly, [we need to] really work with the private sector to get that coordinated incident response capability that we need to be able to move quickly and decisively. [And] we need a mature, real-time information sharing capability.


    GCN: What are the pitfalls, the things you worry about?

    GARCIA: The threats are constantly evolving against our cyber and communications infrastructure. We're going to build upon this shared responsibility ... by industry, by government'all levels of government'by consumers [and] academia. And if we can put in place the structures and systems that will prepare us and deter against those threats, [if we] build incident response capability and awareness, then we'll be better able to protect ourselves. The pitfall is that we don't reach the level of partnership that we all know is necessary.


    The one thing that I worry about is lack of awareness. I think that will be one of our biggest challenges, to be able to articulate ... how important everybody's role is, that one computer or one network of computers can be the portal through which an attack is launched.

    NEXT STORY: Agencies feel botnets' light footprint

    X
    This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
    Accept Cookies
    X
    Cookie Preferences Cookie List

    Do Not Sell My Personal Information

    When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

    Allow All Cookies

    Manage Consent Preferences

    Strictly Necessary Cookies - Always Active

    We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

    Sale of Personal Data, Targeting & Social Media Cookies

    Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

    If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

    Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

    Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

    If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

    Save Settings
    Cookie Preferences Cookie List

    Cookie List

    A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

    Strictly Necessary Cookies

    We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

    Functional Cookies

    We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

    Performance Cookies

    We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

    Sale of Personal Data

    We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

    Social Media Cookies

    We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

    Targeting Cookies

    We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.