Pentagon formulates rules of engagement for cyberwar

The Pentagon is currently formulating new rules of engagement for the execution of military ops in cyberspace.

“We are working closely with the Joint Staff on the implementation of a transitional command-and-control model for cyberspace operations,” Madelyn R. Creedon, the Assistant Secretary of Defense for Global Strategic Affairs (GSA), told the House Armed Services Committee’s subcommittee  on emerging threats and capabilities. 

“This interim framework will standardize existing organizational structures and command relationships across the department for the application of the full spectrum of cyberspace capabilities.”

According to Creedon, the US Department of Defense (DoD) maintains over 15,000 network enclaves and 7 million computing devices in installations around the globe.

“[We] continue to develop effective strategies for ensuring the United States is prepared for all cyber contingencies along the entire spectrum, from peace to crisis to war,” she explained.

“The department has been working around the clock, often in close cooperation with the Department of Homeland Security and other agencies.”

Meanwhile, Teresa M. Takai, the DoD’s chief information officer, told the panel that the department’s $37 billion information technology budget request for fiscal year 2013 encompassed a wide range of IT investments, such as the $3.4 billion allocated for cyber security efforts to protect information, information systems and networks against known cyber vulnerabilities.

It also includes $182 million for Cyber Command for cyber network defense, cryptographic systems, communications security, network resiliency, workforce development, and development of cyber security standards and technologies department-wide.

“[We are] consolidating the department’s IT infrastructure, networks, computing services, data centers, application and data services, while simultaneously improving the ability to defend that infrastructure against growing cyber threats.”

Takai confirmed the DoD was moving towards a single, joint network architecture designed to offer the department and Cyber Command optimized visibility into network activity and improved defense against cyber attacks.

However, the department has already made significant progress in several areas. For example, one initiative involved deploying a modular system called a host-based security system that enhances situational awareness of the network and improves the ability to detect, diagnose and react to cyber intrusions.

Army Gen. Keith Alexander, commander of U.S. Cyber Command, also appeared before the House Armed Services Committee’s subcommittee on emerging threats and capabilities. 

He reiterated that a comprehensive cyber defense strategy required contributions not only from DoD, but from Homeland Security, the FBI, and the Defense Information Systems Agency – all “key partners” in helping the military execute its cyber mission.

“The intelligence community’s worldwide threat brief to Congress in January raised cyber threats to just behind terrorism and [nuclear] proliferation in its list of the biggest challenges facing the nation. [This] has drawn the attention of our nation’s most senior leaders over the last year and their decisions have helped to clarify what we can and must do about developments that greatly concern us,” he explained.

“Our work and actions are affected by threats well outside DoD networks, threats the nation cannot afford to ignore. Nation-state actors in cyberspace are riding a tide of criminality. Several nations have turned their resources and power against us and foreign businesses and enterprises, even those that manage critical infrastructure in this country, and others. [Yes], I think we’re making progress. But… the risks that face our country are growing faster than our progress and we have to work hard on that.”