SIMI VALLEY, Calif. — The lack of international standards for proper behavior in cyberspace prevents the United States and allies from policing adversaries as needed to protect data and systems, the chief of naval operations said during a service chiefs panel at the Reagan National Defense Forum.
All four chiefs on Saturday pledged support to Gen. Paul Nakasone, commander of U.S. Cyber Command. But they also acknowledged the challenge that comes with the lack of international doctrine.
“We have international norms in the maritime; we don’t have those in cyber,” said CNO Adm. Michael Gilday, who led the Navy’s component to U.S. Cyber Command, 10th Fleet/Fleet Cyber Command, from July 2016 to June 2018. “It makes it difficult to enforce standard that don’t exist, and to therefore hold nations accountable for nefarious behavior. It’s a challenge."
“Those types of agreements take time,” he added. "Unfortunately, they sometimes follow a catastrophic event.”
NATO confirmed in 2017 that it could invoke Article 5 of its charter should one or more member nations find themselves under a serious cyberattack that threatens critical military and civilian infrastructure. But while that decision did help inspire the alliance to develop rules of engagement should such an event occur, it did not establish global standards for behavior in cyberspace.
Nonetheless, progress is being made, said Gen. David Berger, commandant of the U.S. Marine Corps.
“We know it’s a collective issue. Documents are one things, but discussions are happening that didn’t happen years ago, and that’s healthy,” he said.
To enhance cybersecurity within the Department of Defense, Gen. David Goldfein, chief of the U.S. Air Force, advocated for greater authority to be given to the head of U.S. Cyber Command for enforcing cyber standards across the services.
“One of the things we’ve got to [provide] Nakasone is increased decision authority," Goldfein said. "How do you operate at the speed of relevance if decisions are held to the highest level?”