Cybersecurity Demands Culture Change
Culture Change, DoD Official Says
By Lisa Ferdinando. DoD News,
Defense Media Activity.
Washington D.C. — (DoD
News) — September 18, 2015 — A change in
culture is needed to protect against threats in the rapidly changing cyber
domain, the Defense Department's chief information officer said here yesterday.
"What keeps me awake is 'Will we get the cyber culture right?'" said Terry
Halvorsen, opening a daylong cybersecurity meeting of government and industry
experts. At the 6th Annual Billington Cybersecurity Summit, Halvorsen
highlighted three areas in cyber culture he said need to be addressed:
discipline, economics and enterprise.
Cyber, the fifth domain in warfare, is different from other
warfare areas because of the rapid speed at which things change, he said. With
the evolving threats, the thinking on cybersecurity needs to evolve as well.
"Culture is the hardest thing to change," he said. "That's why it keeps me awake
The United States is dependent on cyber more than probably
any other nation, certainly more than any other military in the world, he said.
While that gives America some "really powerful advantages" in warfare and
business, he said, it also makes it the "most vulnerable to cyber interdiction."
A threat, whether a criminal or a nation-state, can spend a "fairly
small sum of money and cause us to spend quite a bit of money," Halvorsen said.
"Right now, we are on the wrong side of that cyber-economic curve." Better
discipline, Halvorsen said, would raise the "cost of entry," thwarting some of
the smaller players. "Today almost anybody with a laptop, a little bit of sense
and a little bit of money can go on the Internet, download some tools and cause
a problem," he said.
There is a need for a culture and understanding that there
are "rules of engagement " and "rules of the road that apply whether you are
inside DoD or frankly if you are on your own [computer] system," he said.
"We are focused on building, generating, sustaining and
ensuring we have a ready cyber force within the Department of Defense," said Air
Force Lt. Gen. James "Kevin" McLaughlin, the deputy commander of U.S. Cyber
Command. In 2013, the command embarked upon a "four-year sprint" to bring 133
new cyber teams together across the military services, involving some 6,200
people, he said. The command is about half-way through in creating the teams, he
"In some cases, we're employing these units before they're
even at initial operating capability when they have recognizable units that can
function because the need for them is so dire," McLaughlin said. "We're
aggressively putting capability in the fight."
Cyber Ops, Threats Everywhere
"Cyber, unlike probably any other warfare area in the past,
is completely ubiquitous in everything we do," Halvorsen said. Cyber is unique
from the other domains, he said, because it is so interconnected and has no
geographical boundaries. "It is going to require us to be more enterprise in our
cultural understanding and actions with it," he said.
DoD civilian and military leaders need to understand the
importance of cyber defense, Halvorsen said, adding that "we've got to get cyber
into every level of command."
Cyber operators are "wrestling daily with the challenges of
operating a domain while also simultaneously defending it," according to Air
Force Brig. Gen. Robert Skinner, deputy commander, Joint Force
Headquarters-Department of Defense Information Networks. "We constantly balance
the risk with the inherent capabilities in the cyber domain to ensure our
warfighters are successful in everything that they do," Skinner said.
Cyber was made the fifth operational domain in 2010, and the
first functional one, he pointed out. "While we've held a decisive and dominant
advantage in all the other domains, that's not necessarily the case in the cyber
domain," Skinner said.
Follow Lisa Ferdinando on Twitter: @FerdinandoDoD)
Related Biographies :
Air Force Lt. Gen. James "Kevin" McLaughlin
Air Force Brig. Gen. Robert Skinner
Related Links :
Department of Defense Chief
U.S. Cyber Command
Special Report: Department of Defense Cyber Strategy