Nouvelle page 1
Rogers: Cybercom Defending
By Cheryl Pellerin, DoD News,
Defense Media Activity.
Fort Meade, Maryland – (DoD
News) – August 18, 2014 – U.S. Cyber Command continues to expand its
capabilities and capacity, Navy Adm. Mike Rogers said Aug. 14.
The Cybercom commander was speaking during an interview at
the NSA headquarters building here. Rogers is also director of the National
Security Agency and chief of the Central Security Service. “The decision to
create [Cybercom] was a … recognition of a couple things. No. 1, the increasing
importance of the cyber domain and the cyber mission set in Department of
Defense operations in the 21st century,” Rogers said.
Navy Adm. Mike Rogers speaking with a DoD News reporter
Such a command would add to the department’s ability to
protect and defend its networks, and give policymakers and operational
commanders a broader range of options, he said.
The second consideration involved DoD’s mission to defend the
nation, coupled with the potential of nation-states, groups and individuals to
conduct offensive cyber activities against critical U.S. infrastructure.
In that scenario, the admiral said, defense officials thought
it was likely the president would “turn to the secretary of defense and say, ‘In
your mission to defend the nation, I need you to do the same thing here in the
cyber arena against this mission set critical to U.S. infrastructure, and I need
an organization capable of doing that.’”
These conditions led the department to realize the need to
create a traditional warfighting organization capable of executing a spectrum of
cyberspace missions, Rogers said. And, he added, they knew they needed to do so
“with a dedicated professionalized workforce. This is not a pickup game where
you just come casually to it.”
Rogers said he focuses on five priorities for Cybercom.
These are to build a trained and ready cyber force, put tools
in place that create true situational awareness in cyberspace, create
command-and-control and operational concepts to execute the mission, build a
joint defensible network, and ensure Cybercom has the right policies and
authorities that allow it to execute full-spectrum operations in cyberspace.
Making progress is important to Rogers, who characterized his
ultimate goal as bringing Cybercom to a level where it’s every bit as trained
and ready as any carrier strike group in the U.S. Central Command area of
responsibility or any brigade combat team on the ground in Afghanistan. “My
objective during my time as the commander, first and foremost,” the admiral said,
“is to ensure that we have brought to fruition the operational vision in cyber …
[to make sure] it’s something real, it’s something tangible, and it is
operationally ready to execute its assigned missions.”
That is happening as Cybercom brings its warfighting
capability online, with the services generating a total cyber mission force of
about 6,000 people by 2016, all trained to the same high standard and aligned in
133 teams with three core missions:
-- The Cyber National Mission Force, when directed, is responsible for defending
the nation’s critical infrastructure and key resources.
-- The Cyber Combat Mission Force provides cyber support to combatant commanders
across the globe; and
-- The Cyber Protection Force operates and defends the DoD information network,
Defending the DoDIN is the focus of a partnership in progress
with the Defense Information Systems Agency, or DISA.
The agency provides command and control and
information-sharing capabilities and a globally accessible enterprise
information infrastructure to warfighters, the president and national leaders,
and other mission and coalition partners.
DISA, Rogers points out, is also a combat support agency. The
agency reports to acting DoD Chief Information Officer Terry Halvorsen, and its
director is Air Force Lt. Gen. Ronnie D. Hawkins Jr. “I have always believed …
that we need to integrate operations and networks and our defensive workforce
into one team,” Rogers said, “and that you are more effective in operating a
network and in defending a network when you do it with one integrated approach.”
As a result, Rogers’ team decided they needed to create a
relationship with DISA, he said, adding, “At the moment there’s no formal
[command and control] line between us, but we’re in the process of creating
As part of that process Rogers collaborates with Halvorsen
and Hawkins. “What I think we need to do,” he said during their meeting, “is
create an operational construct that creates a direct linkage [between] U.S.
Cyber Command, DISA and U.S. Cyber Command service components.”
It’s critical that the relationship includes the service
components, Rogers said, “Because, under the current network structure today,
those networks are largely run by [the] services. So we’ve got to create a
relationship between DISA and the services that is very operational because
you’ve got to maneuver networks, you’ve got to react to changes, and you can’t
do that in a static kind of environment.”
He added, “We're in the process of doing that and I expect to
roll it out in the fall. … You’ll hear it referred to as JFHQ DoDIN,” he said,
or Joint Force Headquarters DoD Information Networks.
Rogers said that he, Halvorsen and Hawkins agree, this is the
future of DISA. “[DISA] will operate on the networks. They'll be part of our
defensive effort so they will be out operating on the networks just like us,” he
added. “One of the core missions is the defense of the DoDIN,” Rogers said. “The
forces associated with that mission will be assigned to DISA, to the services [and]
to the combatant commanders.” So, he added, DISA will have operational control
over some of the cyber mission force to help execute their mission.
Another of Rogers’ priorities for Cybercom is to help develop
a common situational awareness of “what’s happening in DoD networks,” he said.
The commander highlighted the need for speed and agility in
the cyber arena, adding, “If you can’t visualize what you’re doing … you’re not
going to be fast or as agile, and thus arguably not as effective as you need to
Rogers said, “As an operational commander I am used to the
idea of walking into a command center, looking at a visual depiction that
through symbology, color and geography enables me to very quickly come to a
sense of what's happening in this space. We are not there yet in the cyber arena.”
Establishing situational awareness in the cyber realm is a
combination of technology and capability, the admiral said, and determining what
knowledge is needed and what elements contribute to that.
“Is what U.S. Cyber Command needs to know about what's going
on in the network world the same thing as a strike group commander needs in the
Western Pacific? The same thing an Air Force air wing needs in Minot, North
Dakota? The same thing a brigade combat team needs in Afghanistan? It will vary,
so we've got to create a system that you can tailor to the needs of each
commander,” he said.
Rogers noted there are many ongoing efforts to improve
situational awareness, pointing out the need to work collaboratively to fix the
problem. “We do have some tools right now,” he added. “They’re just not as
mature and comprehensive as I'd like them to be.”
Cyber is foundational to the future, the admiral said, and he
often comments to his fellow operational commanders that cyber is a mission they
have to own. “The wars of the 20th century taught most warfighting professionals
that, no matter what you do, a good foundational knowledge of logistics is
probably going to stand you in good stead,” Rogers explained.
In the 21st century, he added, operational commanders may
find that, regardless of their mission, they will need a sense of what’s going
on in their networks, where they’re taking risk, and the impact of network
structure and activities on their ability to execute the mission. “It’s not
something you turn to your communications officer … or your CIO and say, ‘I
don't really understand this. Go out and do some of that for me.’ That isn't
going to get us where we need to go,” the admiral said.
Rogers elaborated on the need for Cybercom to be ready.
During his time as Cybercom commander, he said he expects
that a nation-state, group or individual will attempt to engage in offensive,
destructive capability against critical U.S. infrastructure, from the power grid
to the financial sector.
The Presidential Policy Directive for Critical Infrastructure
Security and Resilience outlines 16 designated U.S. Critical Infrastructure
Rogers says he tells his team they have to be ready to
respond to such a call. But for an attack on the United States, Cybercom will
support the Department of Homeland Security, which is the lead agency for
broader security protections associated with critical infrastructure, and
partner with the FBI, which is the lead agency for domestic attacks and law
“Our biggest focus really is going to be bringing our
capabilities to bear to attempt to interdict the attack before it ever gets to
us,” the admiral said. “Failing that,” he continued, “we'll probably also have
some measure of capability that we can provide to work directly with those
critical infrastructure networks to help address the critical vulnerabilities
and where the networks could use stronger defensive capability.”
To prepare for such interagency collaboration in the event of
a domestic cyberattack, the command trains as it will fight, Rogers said. “In
the military I'm used to the idea that you train like you fight. So we exercise
[and] we replicate the things we think are going to occur in a combat scenario,”
the admiral said. “I want to do the exact same thing with the same set of
teammates I'm going to operate with if we get the order to do so.”
The department and Cybercom already do internal exercises, he
said, as well as ongoing interagency exercises such as Cyber Guard, in which
elements of the National Guard, reserves, NSA and Cybercom exercise their
support to DHS and FBI responses to foreign-based attacks on simulated critical
The whole-of-government exercise, completed June 17, was
designed to test operational and interagency coordination and tactical-level
operations to prevent, mitigate and recover from a domestic cyber incident.
Cyber Guard is a good example, Rogers said, “but I want to
build on that. DHS and FBI were there but I think we can do even more.”
Information sharing and partnerships with the critical
infrastructure sectors is an important aspect of enabling Cybercom to more
effectively interdict and stop an attack, if directed to do so by the president
and defense secretary, he added.
The cyber threat is growing increasingly complex, the
Cybercom commander said, and a more diverse set of actors is involved in the
mission set, “from nation-states that continue to increase their capabilities,
to groups, to individuals.”
In broad terms, he added, “you don’t see a crisis in the
world today that doesn’t have a cyber aspect to it.”
For that reason and others, the ultimate construct of
Cybercom must be flexible, the admiral said. “If you want to develop full-range
capabilities and generate the maximum flexibility for their application, you’ve
got to build a construct that recognizes we’re going to be supported sometimes,
we’re going to be supporting other times, and sometimes we’re going to be doing
both simultaneously,” Rogers said.
In one scenario Cybercom might be helping the commander in
the Pacific, he said, and “at the same time we might be driving efforts to
secure the U.S. financial infrastructure … and trying to support U.S. Central
“It’s just the nature of things,” Rogers said, “because cyber
is so global and so foundational.”
(Follow Cheryl Pellerin on
Twitter: @PellerinDoDNews) :
Navy Adm. Mike Rogers
National Security Agency
Special Report: The Cyber Domain
U.S. Cyber Command
Special Report: U.S. Strategic Command
U.S. Strategic Command
Cybercom Chief: Cyberspace Operations Key to Future Warfare