Pentagon Plans Five-fold Increase In Cybersecurity Staff
redOrbit Staff & Wire Reports – Your Universe Online
The Pentagon plans to increase the size of its cybersecurity force more than fivefold over the coming years to combat threats to the nation’s critical computer systems and conduct offensive operations against foreign adversaries, according to reports citing several Defense Department officials.
The plan, which was requested by the head of the Defense Department’s Cyber Command, or Cybercom, calls for the increase of military and civilian staffing within the organization from 900 to more than 4,900, The Washington Post reported.
The initiative is part of Cybercom’s effort to shift from a largely defensive organization to more of a technological fighting force.
While specific details of the plan have not been finalized, it involves the creation of three types of forces under Cybercom: a defensive “national mission force” to protect systems that support electrical grids, power plants and other critical infrastructure; a “combat mission force” to help military commanders overseas plan and execute offensive operations; and “cyber protection force” to bolster Defense Department networks.
The decision to move forward was made by senior Pentagon officials late last year in recognition of growing cyberthreats to critical U.S. infrastructure, according to senior defense officials speaking with The Post on the condition of anonymity.
“Given the malicious actors that are out there and the development of the technology, in my mind, there’s little doubt that some adversary is going to attempt a significant cyberattack on the United States at some point,” said William Lynn, a former deputy defense secretary who helped form the Pentagon’s cybersecurity strategy.
“The only question is whether we’re going to take the necessary steps like this one to deflect the impact of the attack in advance or . . . read about the steps we should have taken in some post-attack commission report,” he told The Post.
The nation’s military’s service chiefs have generally agreed to the plan, although there are concerns about how the military will find and train enough qualified cybersecurity personnel to meet the program’s goals.
There is also an issue about how closely Cybercom should be aligned with the National Security Agency (NSA), which employs some of the nation’s most advanced cyber-operations specialists.
General Keith Alexander currently serves as both the head of U.S. Cybercom and director of the NSA.
Cybercom’s three new divisions are the creation of outgoing Defense Secretary Leon Panetta, who has previously warned that cyberterrorism will be the next major conflict the nation will face.
“Our mission is to defend the nation,” he said during a speech last October, adding that the department was “putting in place the policies and organizations we need to execute the mission.”
China, Russia, Iran, and militant groups throughout the world have all been identified as potential aggressors, with some security officials saying that battles have already begun, although it is not clear whether these attacks are government-authorized.
A senior defense official told The Post that Cybercom’s national mission teams would focus their efforts abroad, and that any actions taken would be directed outside U.S. networks unless the teams were specifically asked to provide assistance to domestic agencies.
“There’s no intent to have the military crawl inside industry or private networks and provide that type of security,” the source said, adding that the military would only act in cases in which there was a threat of an attack that could “really hurt.”
“We’re not talking about doing something to make sure that Mrs. Smith’s bank account didn’t get hijacked by somebody,” the source said.
Cybercom’s expansion plan comes amid cutbacks in overall military spending, an indication of how important senior military officials see the need to improve U.S. cybersecurity staffing.
Meanwhile, some military and defense officials question whether Cybercom can reach its full potential as a military command when it is so dependent on the NSA. The two organizations are located side by side, and until recently some Cybercom staff even had nsa.gov e-mail addresses.
But officials say such close collaboration between the two groups has had benefits. For instance, the agency can peek into foreign networks and provide Cybercom with intelligence. In some cases, this would mean warning Cybercom if and when an adversary is suspected of planning a cyberattack, or of developing a powerful virus.
“That gives you an advantage of being able to plan for and be prepared to react,” the defense official said.
But this closeness has led some officials to worry about whether Cybercom can create a truly independent, strategic policy. The concern is that the NSA’s priorities will overshadow those of Cybercom’s, and that emphasis will be given to the development of tools that are useful for surveillance but not necessarily for disrupting foes.
There’s a “cogent argument” to be made that for Cybercom to become a true military command, that relationship must be severed, one military official said.
With the decision to expand Cybercom, General Alexander, who has been asked to remain in his Cybercom post until summer 2014 has sought independent budget authority for the group to hire and control forces, similar to the way Special Operations Command is run.
Although he hasn’t yet received that new authority, he has been granted the additional forces.
Alexander has also earned the support of senior Pentagon officials to raise Cybercom from the umbrella of Strategic Command to full command status. However, officials say that move, which requires consulting with Congress, has not yet happened.