DoD wants common cyber picture

By Meg Beasley
Reporter
Federal News Radio

The U.S. Cyber Command may be operational, but it’s lacking a crucial component – situational awareness.

Brig. Gen. John Davis, director of current operations for the Defense Department’s Cyber Command, said situational awareness has been his number one challenge from the start.

DoD launched Cyber Command in November. With components in each organization, it is responsible for shielding 15,000 military networks.

Advertisement

Davis spoke Wednesday at a forum of industry leaders during a conference sponsored by the Armed Forces Communication and Electronics Association. He said while situational awareness isn’t fully operational, Cyber Command does have some pieces in place and have put a lot of thought into the type of system needed to complete the project.

“In terms of where we’re headed, we’ve outlined some effects-based operational requirements that we think are our near-term priorities,” Davis said. “So these are going to drive us. And we always translate it back to our operational requirements to drive where we’re headed with situational awareness.”

Davis said even though he focuses on Cyber Command – specific requirements, there are common threads between government and private sectors when it comes to cybersecurity concerns and needs.

“We all share the same infrastructure,” Davis said. “Ninety percent of what I use to do military missions across DoD rides on the commercial infrastructure. You can’t separate this stuff out – it’s all interconnected. So there should be a lot of common threads that run throughout what I need as a military commander and what you all are seeing.”

When it comes to Cyber Command’s priorities, Davis said situational awareness should form the foundation of DoD’s Common Operating Picture (COP).

He said it must also incorporate relevant blue, red and white/grey information.

“Blue is our own networks, the DoD networks,” Davis explained. “We need to understand our own networks to the point where we really understand what is critical about those networks – knowing what the key cyber terrain is. Because we know we can’t defend everything everywhere – money is going to be an issue.”

He said the red piece is threats, both current and future, cyber and physical. The white/grey refers to everything outside of DoD’s blue space – the commercial and private sector.

“We don’t want to just see a good picture inside of our wire,” Davis said. “We want to see what’s happening outside so that we can understand in real time what’s happening and posture ourselves to be able to defeat or mitigate threats that might be coming our way proactively rather that reacting to it after its already something that’s inside for us to deal with.”

Data overload?

Davis said DoD must balance that broad informational need with a way to analyze all the data the technology brings back to the military. He said too much data without a way to separate the wheat from the chaff actually makes his job harder.

Davis said it is important to leverage data from all sensors and capabilities, from the boundary of DoD’s networks all the way up to the top. But, he said, that is a lot of information, and, again, agencies need a means by which to sort through it.

“It’s not enough to just get bombarded with data of different types,” Davis said. “Embedded in the architecture has to be the ability to analyze that data so that it is focused on our operational priorities and key terrain.”

Davis said Cyber Command is looking for a platform that supports its three lines of operations – directing the operations of the networks, defending networks and leveraging the capabilities to provide offensive options. He said the system must balance the three rather than overly focus on one objective.

Davis said the platform must also support alerts and alarms in a subscriber-fashion. He said it’s not good enough for Cyber Command to have situational awareness – the information is almost meaningless if it can’t be delivered down the DoD architecture to individual agencies. Davis said with all of these pieces, Cyber Command is working to operate at near real time.

“The threats, both human and mother nature, occur very rapidly in this battle space,” Davis said. “Our decision making process has to be enabled by situational awareness so that we can rapidly react and make decisions and prioritize assets and resources and deal with what we see.”

Eyes wide open

Davis said another key to achieving situational awareness will be avoiding cyber blinders. He said they need to monitor the cyber and physical battlefields. He said threats emerge from both places, and decisions made in one domain effect the other.

Davis said the right technology will be a start to tackling these challenges, but it won’t be enough.

“There is a finite amount of human capital associated with the skill set required to do this job,” Davis said. “One of the key components of situational awareness is going to be the people who are sorting through all of this data. There is a need for training and education for the skill set needed to do this job effectively – we need to grow the workforce.”

He said that fully capable cyber personnel are in such high demand that every agency and company is fighting for them. He said that shortage increases the need for good technology that enables organizations to leverage the workforce they do have.

Davis said liaisons between organizations can help everyone understand individual agency cybersecurity processes, technological challenges and legal hurdles. He said sharing that information will enable them to find solutions more effectively and efficiently.

The government also must collaborate with service providers in order to develop the best solutions. But even in cyberspace, that requires trust. Davis said that human factor has been difficult to overcome, and he’s not sure what the best way to grow that virtual trust is.

“I’m not sure what the answer to growing trust is,” said Davis. “But I think urgency will help get us through this. We need to figure this out quickly, because if we don’t we’re going to be forced into a situation where we’re reacting to it. And I hope it isn’t a major incident of national significance that causes us to break down some of these hurdles.”

Davis said a serious situation will come if agencies and industry don’t come together, and it will likely be sooner than most expect.

(Copyright 2011 by FederalNewsRadio.com. All Rights Reserved.)