Force will rise from 900 troops to around 4,900 over the next several years
The U.S. is finally getting more serious about cybersecurity in the wake of stinging attacks from economic rivals such as China and military adversaries like Iran. Currently the U.S. Department of Defense‘s (DOD) Cyber Command (USCYBERCOM) unit is stressed to the brink, with a small crew of around 900 soldiers. That count is reportedly dwarfed by the large cyberwarfare teams in Iran, China, and other cyberpowers.
I. Better Defense, More Offense
The DOD announced this week ambitious plans to catch up, growing the unit five-fold to around 4,900 troops. The plan was first formulated by senior Pentagon officials late last year and is in the final stages of confirmation.
Under the plan, Cyber Command will be split into three distinct subunits, each with a distinct purpose. “National mission forces” will protect critical infrastructure like power and water grids from infiltration or attacks; “combat mission forces” will communicate with overseas officers and coordinate cyberattacks (like Stuxnet); and “cyber protection forces” will be tasked with entrenching the Pentagon’s networks against both foreign and domestic threats.
Sources indicate that the “national mission” teams will only take action on U.S. networks if a sister agency, such as the Federal Bureau of Investigation (FBI), requests it. While that may not lay to rest citizen fears of domestic spying or policing, it does suggest — at least officially — a limited domestic role for the expanding unit.
An unnamed official told The Washington Post, “There’s no intent to have the military crawl inside industry or private networks and provide that type of security. [Action would only be taken in cases where the adversary could] really hurt. We’re not talking about doing something to make sure that Mrs. Smith’s bank account didn’t get hijacked by somebody.”
The U.S. wants better cyberoffensive capabilities to use against hostile regimes like Iran.
[Image Source: ISNA]
The plan to dramatically expand the three-year old unit — at a time when the military as a whole is undergoing sweeping budget cuts — is a sign of cyberwarfare’s growing role in modern warfare.
William J. Lynn III, a former deputy defense secretary, tells The Washington Post that the plan is long overdue, commenting, “Given the malicious actors that are out there and the development of the technology, in my mind, there’s little doubt that some adversary is going to attempt a significant cyberattack on the United States at some point. The only question is whether we’re going to take the necessary steps like this one to deflect the impact of the attack in advance or . . . read about the steps we should have taken in some post-attack commission report.”
II. Big Challenges Ahead
Currently, the DOD relies heavily on the National Security Agency (NSA) for its cyberwarfare needs. Indeed, Cyber Command’s main physical presence is located directly beside the main NSA building in Fort Meade, Maryland. But the NSA’s official role is limited to foreign intelligence gather; outside of electronic intelligence it’s ill suited to provide necessary cyberoffensive or defensive capabilities.
The question, going ahead, though is how to merge the NSA’s existing support role with the expanding role of the Cyber Command unit.
Some argue that when Cyber Command is expanded “you sever that” relationship with the NSA. But others say the NSA will continue to complement the bigger, more independent unit without issue. Comments one source, “That’s been the plan all along. Take the talent resident in NSA, turn it into [cyber] attack talent.”
Another key unanswered question is where the Pentagon will be able to get enough qualified hackers to join its ranks. Funding will obviously play a key role, but one problem is simply availability; skilled security experts are a relatively rarity and many have misgivings about working for “the man” (aka the U.S. Military).
Comments one Navy source, “You get the resource guys sucking a lot of air through their teeth because they know their service chiefs have backed it. So they have to find the resources to pay for the people.”
Many hackers frown on working for the Pentagon, but given sufficient money they might change their tune. [Image Source: Reuters]
Figuring out those challenges will be a big part of Keith B. Alexander‘s job. Director Alexander, who jointly serves as director of the NSA and chief of the Cyber Command.
Director Alexander is expected to retire or move to another agency in summer 2014, but until then he will be pushing strong to gain the ability for Cyber Command to have its own independent budget, something other major military branches have. Such authority would have to be granted by Congress.
In the meantime his agencies will continue to ponder how to recruit talent, how to differentiate their respective roles, and how to counterattack foreign cyberagressors with their small, but growing staff of government hackers.
Source: The Washington Post