Having had the privilege to meet, hear speak, and ask questions of General James E. Cartwright (USMC, Ret.) when I found this video it was A Cyber Fellow’s treat! The video is from the Global Security Forum 2012. One of the panels addressed the big aspects of Fighting a Cyber War to include significant strategy and policy discussions in Defense and International Security, Technology and Cybersecurity. Several years ago at an AFCEA IT conference while he was serving as Commander, U.S. Strategic Command, I asked a question relating to the significant slowness of technology to penetrate the U.S. Military for use by our Forces. His retort, “it is a massive problem,” quite accurate from what I’ve learned about the issue since - he even offered me his shoes if I wanted to take his place (Navy LT (O3) to 4-Star (O10) would have been a significant jump). The problem is quite massive and at the root of our Military’s desire - Innovative, Highly Technical, Entrepreneurial, yet Inspirational and an Effective Leader - the perfect warfighter!
Since that day I’ve worked toward being able to fill those shoes…
About the video and forum:
The Global Security Forum 2012 is a forum on the top challenges facing U.S. and global security. The vulnerability of military, civilian, and commercial networks to cyber attack is forcing the U.S. government to revise its approach to cyberspace. While most attention is focused on preventing attacks, this panel will address how cyber could be used in an offensive capacity, including how to conceptualize command and control, targeting, damage assessment, proportionality, and deterrence in a cyber environment either alone or alongside kinetic operations.
Incoming search terms:In the Chairman\s White Paper on Mission Command (2012) the joint force of the future will find themselves operating in a security environment that is _____
Released in December of 2011 by the Executive Office of the President, the National Science and Technology Council provides direction in Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program. I find understanding this document helps clarify how the “Technology Doctrine” flows down through the government into the Department of Defense and then into the U.S. Navy.
The objective of Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program is “to express a vision for the research necessary to develop game-changing technologies that can neutralize the attacks on the cyber systems of today and lay the foundation for a scientific approach that better prepares the field to meet the challenges of securing the cyber systems of tomorrow.“
Federal Cybersecurity Research and Development (R&D) Program Thrusts:
- Inducing Change
- Designed-In Security
- Tailored Trustworthy Spaces (with a Focus Area of Wireless Mobile Networks)
- Moving Target (with Focus Areas of Deep Understanding of Cyberspace and Nature-Inspired Solutions)
- Cyber Economic Incentives - Research required to Explore models of cybersecurity investment and markets; develop data models, ontologies, and automatic means of sanitizing data or making data anonymous; define meaningful cybersecurity metrics and actuarial tables; improve the economic viability of assured software development methods; provide methods; to support personal data ownership; provide knowledge in support of laws, regulations, and international agreements.
- Developing Scientific Foundations
- Organizes disparate areas of knowledge – Provides structure and organization to a broad-based body of knowledge in the form of testable models and predictions
- Enables discovery of universal laws – Produces laws that express an understanding of basic, universal dynamics against which to test problems and formulate explanations
- Applies the rigor of the scientific method – Approaches problems using a systematic methodology and discipline to formulate hypotheses, design and execute repeatable experiments, and collect and analyze data
- Maximizing Research Impact
- Supporting National Priorities - Health IT, Smart Grid, Financial Services, National Defense, Transportation, Trusted Identities, Cybersecurity Education.
- Engaging the Cybersecurity Research Community
- Accelerating Transition to Practice
- Technology Discovery
- Test and Evaluation
- Transition, Adoption, and Commercialization
Executing the Federal Cybersecurity Research Program:
- Research Policies
- Provide accurate, relevant, timely scientific and technical advice
- ensure policies of Executive Branch are informed by sound science
- ensure scientific and technical work of Executive Branch is coordinated to provide greatest benefit to society
- Research Coordination
- Research Execution (via Agencies)
- DHS S&T
- DoD Service research organizations
Yesterday I had the pleasure of attending “Supply Chain Security - Do you know who your insiders are?” by Bob Hutchinson, Senior Manager, Sandia National Laboratories’ Information Security Sciences Group.
The key aspect of his presentation that I took away was the National Labs’ ability to control and prevent compromise of the Nuclear Weapons supply chain. And that the lessons learned from almost 7 decades of experience could be applied to the supply chain risk of Information Technology. We’ve solved most problems before it simply takes effort to find where.
This analogy led me to investigate a bit more and I discovered Bob’s statement to the United States House of Representatives Committee on Energy and Commerce, Subcommittee on Communications and Technology. His 4 key points are:
- While strategic data theft of intellectual property and national secrets has become a focus recently do not lose sight of the malicious data modification threat.
- Examine and be aware of your Information Technology aspects of your supply chain; from the software applications and patches to the sub-components of each piece of hardware (and it’s obvious supporting software -firmware).
- While developing the manner and mechanism for Cyber information sharing between Government and Industry there must be a strategy associated with it. This strategy could then be used to assist in an adversary “self-identifying.”
- Identifying the Nation’s noted “profound shortage of qualified cyber security experts.” He adds that having been tasked by DoE, Sandia to has built “a program that’s more like a medical residency than a trade certification” and that this model is much more appropriate to creating the requisite cyber security experts for the nation.