Data Manipulation, Non-State Actor Intrusions Are Coming Cyber Threats
By DoD News
By Cheryl Pellerin
Two specific emerging challenges are among those that concern Navy Adm. Mike Rogers, commander of U.S. Cyber Command and director of the National Security Agency.
The challenges are a potential inability to trust financial and other data due to manipulation by adversaries, and the disregard of some non-state actors for connectivity and other staples of daily life in many parts of the world.
Rogers joined Marcel Lettre, acting undersecretary of defense for intelligence, and others in a recent panel on cyberwar during the recent annual Reagan National Defense Forum held in Simi Valley, California.
From a military perspective, Rogers said to the audience of government and industry leaders, data manipulation through network intrusion is probably his No. 1 concern.
“As a military commander, I’m used to the idea that I can walk into a darkened space with a lot of sensors coming together and look at a visual image that uses color, geography and symbology, and quickly assimilate what’s going on and make very quick tactical decisions,” Rogers said.
“But what happens if what I’m looking at does not reflect reality … [and] leads me to make decisions that exacerbate the problem I’m trying to deal with [or] make it worse?” he added.
The admiral said he’d just returned from New York, where he spent a day in related discussions with business leaders and with students at Columbia University.
The digital environment, for the private sector and the military, is founded on the idea of faith in the data, he said.
“The fundamental premise for most of us is that whatever we’re looking at, we can believe — whether it’s the balance in your personal account … or the transactions you make in the financial sector,” Rogers said.
What happens, he asked, if that trust is disrupted? What if the digital underpinning relied upon by people everywhere can no longer be believed?
Vision of the World
His second concern from a military perspective involves non-state actors.
“Nation-states, while they want to gain an advantage,” he said, “generally have come to the conclusion that if the price of gaining that advantage is destroying or destabilizing the basic status quo and underpinnings that we’ve all come to count on, that’s probably not in their best interest.”
With non-state actors like the Islamic State of Iraq and the Levant or al-Qaida, Rogers added, that premise is gone. They are interested in destroying the status quo to achieve their vision of the world as it should be, he said.
“So what happens when they suddenly start viewing cyber as a weapon system, as a capability that helps them achieve that end state — and one they can use as a vehicle to achieve destruction and disorder, just as we’re watching them do in the kinetic world?”
In his remarks on the panel, Lettre — who oversees all DoD intelligence and security organizations, including the National Security Agency — said the cyber threat picture is complex and a function of a geostrategic landscape that is as challenging as the nation has seen in 50 years.
Defense Secretary Ash Carter and Deputy Defense Secretary Bob Work “have been pushing for … an innovative approach [and] innovation in technologies to try to tackle this strategic landscape and deal with these challenges,” he said.
Commitment to Innovate
One of Carter’s three commitments as secretary, Lettre added, is to innovate for the Force of the Future so the nation can stay ahead of such threats it will face five, 10 and 20 years down the road.
As part of the department’s deliberate, strategic approach to cyber, in April officials updated the DoD Cyber Strategy, focusing on three missions, Lettre said.
These are defending DoD networks, being prepared if the president calls on the department to help the nation deal with consequential attacks on the homeland, and making cyber options available to combatant commanders, he said.
Among other things the strategy prompts a focus on military application of power through the use of partnerships, the undersecretary added.
“Attacking the cyber-defense challenge really does require partnerships with industry and partnerships with international allies,” Lettre said.
The second focus involves building out capability, forces, options, tools, strategies and doctrine that underlie the ability to defend and where necessary respond to cyberattacks, he said.
Establishing the now-five-year-old Cyber Command was a big step forward in building out the needed forces and tools, Lettre said, and by 2018 the sub-command will be fully operational, with 6,200 cyber forces that will allow the department to defend its networks, defend the nation and support combatant commanders.
To support this buildup, in October the General Services Administration put out a five-year, $460 million multiple-award request for proposals to outsource Cybercom mission support in areas that include doing the following:
- Unify cyberspace resources, create synergy and synchronize warfighting effects to defend the information-security environment.
- Centralize command of cyberspace operations to strengthen DoD cyberspace capabilities and integrate and bolster DoD cyber expertise.
- Improve DoD capabilities to ensure resilient, reliable information and communication networks, counter cyberspace threats and assure access to cyberspace.
- Support the armed services’ ability to confidently conduct high-tempo, effective operations, and protect command-and-control systems and the cyberspace infrastructure supporting weapons system platforms from disruptions, intrusions and attacks.
The goal, according to GSA, is to support Cyber Command and support services to the mission force, cyber components and Joint Force headquarters through 10 areas that include cyberspace operations, all-source intelligence and engagement activities.
To those who wonder why Cybercom would look to the private sector for this kind of help, Rogers said, “Who develops the kinetic munitions that we drop? Who builds those [Joint Direct Attack Munitions], those [Tomahawk Land Attack Missiles]?”
It’s not the Defense Department or the U.S. government, the Cybercom commander said.
“We turn to the private sector to harness the abilities and their capabilities to generate the tools DoD needs to execute its broad mission to defend the nation and protect our interests,” Rogers added.
Cyber should have the same opportunities, the admiral said.
“Not that there aren’t aspects that are different,” he added, “but the fundamentals I think translate well between the two worlds.”