Following a year of cyberspace strategizing, 2019 will be all about implementing rules and tools, according to the Department of Defense’s top uniformed cyber policy adviser.
Appearing Jan. 29 before the Senate Armed Services Subcommittee on Cybersecurity, Brig. Gen. Dennis Crall said the department knows where it needs to head following last year’s DoD cyber strategy (the first in three years) and now is the time to show results.
The much awaited strategy articulates how the DoD will combat strategic competitors such as Russia and China.
“This is the year of outcomes and that’s what we’re focused on — delivering the capabilities and improvements that we’ve discussed for some time,” he told the committee, adding that the strategy process allowed them to take a look at some departmental gaps and get after them.
U.S. efforts to head off cyber events and impose consequences on adversaries has worked, at least in the short-term, the head of U.S. Cyber Command told Congress Jan. 29.
The strategy actually has actionable lines of effort and there are things they can do to measure progress, he said.
The document lays out five objectives and five areas of interest under its strategic approach. The five objectives include:
- Ensuring the joint force can achieve its missions in a contested cyberspace environment;
- Strengthening the joint force by conducting cyberspace operations that enhance U.S. military advantages;
- Defending U.S. critical infrastructure from malicious cyber activity that alone, or as part of a campaign, could cause a significant cyber incident;
- Securing DoD information and systems against malicious cyber activity, including DoD information on non-DoD-owned networks; and
- Expanding DoD cyber cooperation with interagency, industry, and international partners.
The five areas of interest under the guise of its strategic approach include building a more lethal joint force; competing and deterring in cyberspace; strengthening alliances and attracting new partners; reforming the department; and cultivating talent.
The strategy also notes DoD must take action in cyberspace during day-to-day competition to preserve U.S. military advantages and defend U.S. interests. The focus will be on nation states that can pose strategic threats to the United States, namely China and Russia.
“We will conduct cyberspace operations to collect intelligence and prepare military cyber capabilities to be used in the event of crisis or conflict,” the document says.
Dana Deasy, the department’s chief information officer, told the same committee that the threat from Russia and China is so acute he is briefed weekly from U.S. Cyber Command and the National Security Agency on them. This allows him to understand their offensive and defensive posture relative to the DoD.
“Suffice to say that these are very strong, capable adversaries, but at the same time we have some strong, capable abilities ourselves,” he said.
The command hopes to change this in the near future.
In fact, aside from individual tools, the force is still in need of a training range where cyberwarriors can do individual and collective training, as well as mission rehearsal, similar to rifle ranges or national training centers in the physical world.
The Persistent Cyber Training Environment, being run by the Army for the joint force, will get after this; however, it is still in the prototype phase with a limited capability delivered to users.
The Army recently concluded the first user assessment for the Persistent Cyber Training Environment.
Additionally, the force needs a large-scale command-and-control platform that will house tools, provide commanders global situational awareness of forces and enable forces to plug into operations from remote locations.
This is the goal of Unified Platform, which is also still in the prototype phase, though officials have said a limited product could be delivered as early as the spring.
The Department of Defense is rapidly working to provide cyberwarriors capabilities under the Unified Platform.