DOD struggles to define cyber war

Featured eBooks
Artificial Intelligence and Efficiency
Changing Workforce
Future of Tech Infrastructure
Insights & Reports
Moving Government Finance from Complexity to Confidence
Presented By Workday
Download Now
How Dash Cams Reduce Risk and Deliver Clear ROI for the U.S. Public Sector
Presented By Carahsoft | Samsara
Download Now
By William Jackson,
GCN

By William Jackson,
GCN

|

The DOD is creating a new Cyber Command to defend the military information infrastructure but still is working to come up with a clear definition of a doctrine for cyber war, says Undersecretary James Miller.

As the Defense Department puts its new Cyber Command in place to defend the military information infrastructure, it also is wrestling with the nontechnical issues of defining cyber war and establishing a doctrine for cyber warfare, a top Pentagon cyber policy adviser said Wednesday.

James Miller, DOD principal deputy undersecretary for policy, pondered how the law of armed conflict applies to cyber war.

“It’s clear that it does," he said, speaking in an Ogilvy Exchange national security lecture in Washington, But the military still has to establish what an act of aggression or an act of war looks like in cyberspace and decide on the rules for responding — both digitally and physically — when the line between hacking and warfare is crossed, he said.

“We have a lot of efforts underway,” Miller said. “We are trying to bring all of this together into a coherent strategy” that will begin coming out in the next few months. He said there will not be a simple one-sentence definition of what constitutes cybe rwar, but that it will be an evolving concept based on history and on likely scenarios.

“It is clear there is a lot of cyber espionage where data is being pulled," Miller said. "But we understand that not everything that happens in cyberspace is an act of war.”

Miller reminded the audience of the usual statistics about the scope of the threat facing a net-centric DOD: 15,000 DOD networks with 7 million devices at 4,000 installations in 88 countries, all being scanned and probed millions of times a day. More than 100 foreign intelligence organizations are trying to access the systems and foreign militaries are developing the ability to attack and disrupt the systems that already are being penetrated by hackers and criminals.

“The cyber threat has outpaced our ability to defend against it,” he said. “We still are learning” the extent of our dependency on these networks and the scope of the threats against them. “We still see significant gaps and vulnerabilities. We don’t fully understand them, but we’re learning.”

The greatest threat to DOD systems so far has been the theft of sensitive data, he said. But the military also has to defend against disruption and degradation of the systems it is increasingly dependent on.

To date, defensive efforts have been spread between at least a half-dozen different organizations, including the Defense Information Systems Agency; the National Security Agency; and individual service commands in the Army, Air Force and Navy.

“We are spread too thin, geographically and institutionally,” Miller said. But that is changing with this week’s confirmation of NSA Director Keith Alexander, who was given a fourth star to also head the Cyber Command.

“We are headed into a new era,” Miller said. The new command will consolidate current resources, although each service will have primary responsibility for protecting its own networks. It will have three primary missions: defense of military networks, support of military and counterterrorism operations, and support of civilian agency and industry partners as needed.

Related stories:

How can we be at cyberwar if we don't know what it is? 

Senate confirms NSA chief as head of Pentagon's new Cyber Command

“There are legal and policy questions we are attempting to address,” Miller said. “It’s not a bright red line. There are a lot of gray areas.”

Effective defense also requires integrating intelligence and offensive capabilities, because attacks and attackers must first be identified to defend against them, Miller said. This point was echoed by Navy Department Chief Information Officer Robert Carey, who said at a separate event Tuesday that DOD needed to build up its cyberattack skills.

“If you know how to attack, you can defend pretty well,” Carey said. “We currently are developing people only as defenders. That mindset has to change.”

Both Miller and Carey also said that simply throwing money at the cyber problems is not an option.

“We are not going to buy out way out of this challenge,” Miller said.

Carey and Miller also lamented the slow pace of the federal budget process. A sophisticated device -- Miller used the iPhone as an example -- can be developed in less time than it takes DOD to create a budget for an IT system.

Carey said that even with a $7.6 billion IT budget, the Navy’s cyber defense has to be cost-effective and make a business case for dollars. Tanks, airplanes and ships still play out better on than do Hill than cyber issues.

“Our cyber guys would love to have the money [currently] being spent on a destroyer,” Carey said. “But that’s not going to happen.”

 

NEXT STORY: DISA picks new CIO and IT directors

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.