Cybercom Chief Calls Partnerships Vital to Network Security
Cybercom Chief Calls
Partnerships Vital to Network Security
By Claudette Roulo, DoD News,
Defense Media Activity.
Washington D.C. – (DoD
News) – October 29, 2014 – Cyber is the ultimate team sport, and it will
take true partnerships between defense and industry to protect the nation’s
information systems, the commander of U.S. Cyber Command told an audience at the
U.S. Chamber of Commerce here yesterday.
“There's no one single group or entity that has all the
answers, nor is there one single group or entity capable of executing the
solutions that we need to do,” Navy Adm. Michael S. Rogers said.
But, Rogers noted, it’s up to leaders in defense and the
private sector to drive the cultural changes that will allow these partnerships
“When you don't have leadership buy-in, you are fighting with
one hand tied behind your back,” he said.
Cyber blurs line between public,
The traditional view puts the private sector in one arena and
the government in another, Rogers said, and the whole question of national
security as something apart from that. But cyber blurs the line between those
three groups, the admiral said.
“The cybersecurity challenges we are facing a nation, I view
them as a national security issue for us,” he said. “And how are we as a nation
going to address the challenge that is not going to go away?”
The hazards that defense and the public sector face in the
cyber realm are serious and long-term, Rogers said.
“Every day there are groups, individuals and nation-states
attempting to penetrate our DoD networks, and it's the same thing we're seeing
in the corporate world,” the admiral noted.
Cybercom has three missions: to defend the department’s
networks, generate the cyber mission force and provide protection and support in
the event of attacks on critical U.S. infrastructure. Accomplishing this third
mission won’t be possible without building relationships with the private sector
and other federal agencies in advance, the admiral said.
“If there's one thing you learn in the military, Rogers said,
“you do not wait until the day of the crisis to suddenly say to yourself, ‘Boy,
I guess we better do some training with each other, or I guess we better
understand what our partners needed and what they don't need, and what's
effective for them and what is not effective.’”
The Defense Department already is working alongside other
federal agencies, including the Department of Homeland Security and the Federal
Bureau of Investigation, he said.
Rogers also serves as director of the National Security
Agency. In that role he oversees infrastructure assurance -- that is, not just
defending systems, but developing their standards, he said.
“We do it with the federal government, and increasingly we
find ourselves called on by our DHS and FBI teammates to provide capability from
our cyber expertise to support the private sector,” the admiral said.
Those types of requests are only going to increase, Rogers
“You can pick up a newspaper. You can get on your favorite
website,” he said. “You can blog on whatever particularly interests you. You can
go to whatever media outlet that you find is the best source of your news, and
every day you will find something about a major cyber incident. This is not a
Industry concerns are legitimate
The private sector has real and legitimate concerns about the
legal liabilities of partnering with the government, he said.
“We have got to help remove those very legitimate concerns
and address them, because in the end what we have got to get to, I believe, is
real-time automated machine-to-machine interface,” Rogers said. Before that
happens, both sides need to clearly define in advance what information will be
shared, he added.
The admiral said he does not want “privacy information” to be
part of any information-sharing agreements, because that’s not the focus of
“What we need to share with each other is … actionable
information that you can use that gives you insights into as to what's the
malware you're going to see,” he said. “How is it going to come at you? What are
the indicators that you should be looking for in advance that would suggest to
you that activity of concern is coming?”
In return, Rogers said, DoD should be able to help identify
who is targeting the system under attack. “And then collectively between us, we
need to share this, and we need to share it both across the entire sector,
because … the insights of one can translate to the defense of many,” he said.
Congress is working on legislation that will protect industry
from government intrusion, while enabling the government to partner with the
private sector to protect industrial networks from attack, the admiral said.
“So we'll be working our way through that process, but the
key to it is going to be dialogue,” Rogers said.
(Follow Claudette Roulo on Twitter: @roulododnews)
Navy Adm. Michael S. Rogers
Special Report: The Cyber Domain
The Defense Department on Facebook
The Defense Department on Twitter
DoD News on Facebook
DoD News on Twitter
DoD News Broadcast Channel