By Rep. Jim Langevin (D-R.I.) Special to Federal News Radio
The security challenges in the cyber domain are pervasive and interconnected. Myriad independent and state-sponsored actors continually threaten our way of life, even as global networks create incredible opportunities for our economy. As a result, the Department of Defense is responding by not only working to secure our presence in cyberspace, but also leveraging the unique capabilities of IT to increase efficiency and lower costs.
Last year, when Deputy Defense Secretary William Lynn announced that cyberspace would be regarded as an “operational domain,” akin to air, space, land and sea, it was an important acknowledgement of cyber’s key role in our national security — and the complex challenges it presents. The emergence of U.S. Cyber Command is the most visible sign of its growing importance as existing networks consolidate into the digital domain.
Today’s warfighters demand unprecedented amounts of data in rapidly evolving ways, through devices that are not only increasingly mobile, but increasingly commercially sourced. The Pentagon has dozens of mobile pilot programs underway, from iPads for defense leadership to smartphones for soldiers. All these devices must assure access to both secure and unsecure networks — a daunting challenge for a Defense Department that has traditionally relied upon proprietary systems, especially given the growing vulnerability of consumer devices.
On a larger scale, the release of DoD’s Cloud Computing Strategy earlier this year is a reminder of the rapid acceleration of the department’s move to a converged IT infrastructure, and it includes commercial services as a means to meet the twin goals of increased capacity and decreased costs. This is not a slam-dunk: much work remains in order to foster the adoption of cloud computing and put in place an efficient, innovative and secure infrastructure to enable it. But the potential payoffs, coupled with the ever-increasing budgetary pressures on all aspects of DoD operations, mean that we must support and encourage this transition.
Even DoD’s own networks are reliant upon commercial capabilities for their daily needs. The commercial world owns 90 percent of the architecture that makes up cyberspace, and the government must operate in that space. Testifying before the House Armed Services Committee, senior military leaders have emphasized that even our physical assets — our military bases, depots and other defense-related critical infrastructure — are dependent on commercial inputs, such as power, water and other utilities, all of which remain critically vulnerable given the failure of Congress to enact comprehensive cybersecurity legislation that includes minimum standards for critical infrastructure owners and operators. Some promising programs continue to make a difference, such as the Defense Industrial Base information-sharing pilot program, but in the absence of comprehensive action, severe vulnerabilities will persist.
While many of the solutions to network security, such as strengthening the systems that guard our critical infrastructure, should be clear, we must better enumerate DoD’s authorities for operating in cyberspace and how cyber capabilities are utilized in conjunction with other operations. While I commend the Obama Administration’s recent steps to clarify these policies and create a greater understanding of the United States’ posture in cyberspace, the complexity of the domain requires continued public discussion.
Perhaps the greatest challenge faced by the Department of Defense — and the entire government enterprise — is human resources. Technological dominance is meaningless without a skilled workforce capable of operating at the highest levels of their field. In this area, we are falling short.
The Department of Defense has made important and effective strides to foster its own cyber workforce, including defined career paths, effective recruiting, and growing clarity as to the operational roles of each service; however, by any measure, our colleges and universities are not graduating a large enough pool of these IT-savvy workers to ensure our cybersecurity.
Some programs are fighting against the trend. The joint NSA/DHS Cyber Centers of Excellence are showing great results at the collegiate level, including in my home state of Rhode Island, and efforts like the Air Force Association’s CyberPatriot program and the Cyber Foundations Competitions are introducing high school students to the career and giving them opportunities to excel in cybersecurity. Moving forward, we need increased collaboration between the government, educational institutions and the private sector. Working together, they can leverage different existing capabilities to great effect.
The best cybersecurity policies won’t amount to anything without the correct people to execute them, and no national security plan will be complete if we don’t produce a workforce ready to carry out our military’s rapidly increasing cyber missions.
Rep. Jim Langevin (D-R.I.) is co-founder of the bipartisan Congressional Cybersecurity Caucus and serves as Ranking Member on the House Armed Service Subcommittee on Emerging Threats and Capabilities. He co-chaired the bipartisan CSIS Commission on Cybersecurity for the 44th Presidency that made policy recommendations to the incoming President in 2008.