AOH :: ISNQ6956.HTM

What U.S. Cyber Command Must Do

What U.S. Cyber Command Must Do
What U.S. Cyber Command Must Do


http://www.ndu.edu/press/what-US-cyber-command-must-do.html 

By Wesley R. Andrues
Joint Force Quarterly
Issue 59 - October 2010

Wesley R. Andrues is the Plans and Readiness Division Chief for the U.S. 
Army Global Network Operations Center.

In June 2009, the Secretary of Defense announced the creation of U.S. 
Cyber Command (USCYBERCOM), a new subunified command to be led by the 
director of the National Security Agency (NSA). While the press colored 
the announcement with Big Brother undertones and hints of civil 
liberties surrendered, the real story lies in the intriguing legal 
landscape of USCYBERCOM and what it could mean for the security, 
efficiency, and economy of the military's networks. The Department of 
Defense (DOD), the largest single consumer of Federal information 
technology dollars, has struggled for decades to bring a singular voice 
and management process to its communications infrastructure. Although 
this is not the stated intent of the new command, USCYBERCOM must 
ultimately reconcile its role in information technology "ownership" and 
draw clear operational boundaries if it is to administer cyber security 
through unified standards and procedures.

As USCYBERCOM now has its first commander and begins shaping its core 
functions, fundamental changes in the legal landscape must occur in 
parallel with the new organizational structure if the command hopes to 
effect a "comprehensive approach to Cyberspace Operations."1 In short, 
it must go beyond cosmetic organizational change and set to work on a 
campaign that genuinely reduces interdepartmental friction, repairs 
ailing processes, and truly empowers it to meet its mission, both 
specified and implied.


Step One: Establish Priorities

To compel its components to organize confidently and appropriately, 
USCYBERCOM must provide solid, intuitive operational imperatives and 
priorities. What tangible problem does the command seek to solve, and 
how does the formation of this single entity contribute to the integrity 
of DOD networks? One of the main impediments to answering this question 
is the lack of any meaningful cyberspace doctrine, or at least a serious 
consideration of how cyberspace operations differs from the closely 
related computer network operations, which is itself a key component of 
information operations. How does the emerging rubric of cyber now fit 
against the broad operational backdrop of information operations as a 
whole? This is an elemental question that demands top-down clarification 
if USCYBERCOM expects to contain its mission space and lead decisively. 
The question must be answered: Is it about securing the network itself, 
or achieving military effects through the targeted application of 
information in all its forms? To call it both takes a middle road that 
complicates the identity of this new command and makes task organization 
exceedingly difficult.

It is not that DOD has failed to invest intellectual capital toward 
defining cyberspace. On the contrary, a good deal of self-examination is 
under way across all the Services, yet precious little substance has 
emerged signifying a strong, novel environmental foundation. To its 
credit, the Joint Staff devoted significant effort toward articulating 
broad cyberspace priorities in its National Military Strategy for 
Cyberspace Operations (2006). The basic premise echoed the notion that 
the United States must secure freedom of action in a "contested domain" 
and deny the same to its adversaries, yet its ambitious goal of 
achieving "military strategic superiority in cyberspace" glosses over 
the vast complexity of such an all-consuming endstate.

[...]


_______________________________________________________      
Subscribe to InfoSec News - www.infosecnews.org 
http://www.infosecnews.org/mailman/listinfo/isn

Site design & layout copyright © 1986- CodeGods