Cheryl Pellerin at the DoD News offers the below piece:
FORT MEADE, Md., Aug. 18, 2014 - U.S. Cyber Command continues to expand its
capabilities and capacity, Navy Adm. Mike Rogers said Aug. 14.
The U.S. Cyber Command commander and director of the National Security Agency
was speaking during an interview at the NSA headquarters building here.
"The decision to create [U.S. Cyber Command] was a ... recognition of a
couple things. No. 1, the increasing importance of the cyber domain and the
cyber mission set in Department of Defense operations in the 21st century,"
Such a command would add to the department's ability to protect and defend
its networks, and give policymakers and operational commanders a broader range
of options, he said.
The second consideration involved DoD's mission to defend the nation, coupled
with the potential of nation-states, groups and individuals to conduct offensive
cyber activities against critical U.S. infrastructure.
In that scenario, the admiral said, defense officials thought it was likely
the president would "turn to the secretary of defense and say, 'In your mission
to defend the nation, I need you to do the same thing here in the cyber arena
against this mission set critical to U.S. infrastructure, and I need an
organization capable of doing that.'"
These conditions led the department to realize the need to create a
traditional warfighting organization capable of executing a spectrum of
cyberspace missions, Rogers said.
And, he added, they knew they needed to do so "with a dedicated
professionalized workforce. This is not a pickup game where you just come
casually to it."
Rogers said he focuses on five priorities for Cybercom.
These are to build a trained and ready cyber force, put tools in place that
create true situational awareness in cyberspace, create command-and-control and
operational concepts to execute the mission, build a joint defensible network,
and ensure Cybercom has the right policies and authorities that allow it to
execute full-spectrum operations in cyberspace.
Making progress is important to Rogers, who characterized his ultimate goal
as bringing U.S. Cyber Command to a level where it's every bit as trained and
ready as any carrier strike group in the U.S. Central Command area of
responsibility or any brigade combat team on the ground in Afghanistan.
"My objective during my time as the commander, first and foremost," the
admiral said, "is to ensure that we have brought to fruition the operational
vision in cyber ... [to make sure] it's something real, it's something tangible,
and it is operationally ready to execute its assigned missions."
That is happening as Cybercom brings its warfighting capability online, with
the services generating a total cyber mission force of about 6,000 people by
2016, all trained to the same high standard and aligned in 133 teams with three
-- The Cyber National Mission Force, when directed, is responsible for
defending the nation's critical infrastructure and key resources.
-- The Cyber Combat Mission Force provides cyber support to combatant
commanders across the globe; and
-- The Cyber Protection Force operates and defends the DoD information
network, or DoDIN.
Defending the DoDIN is the focus of a partnership in progress with the
Defense Information Systems Agency, or DISA.
The agency provides command and control and information-sharing capabilities
and a globally accessible enterprise information infrastructure to warfighters,
the president and national leaders, and other mission and coalition partners.
DISA, Rogers points out, is also a combat support agency.
The agency reports to acting DoD Chief Information Officer Terry Halvorsen,
and its director is Air Force Lt. Gen. Ronnie D. Hawkins Jr.
"I have always believed ... that we need to integrate operations and networks
and our defensive workforce into one team," Rogers said, "and that you are more
effective in operating a network and in defending a network when you do it with
one integrated approach."
As a result, Rogers' team decided they needed to create a relationship with
DISA, he said, adding, "At the moment there's no formal [command and control]
line between us, but we're in the process of creating one."
As part of that process Rogers collaborates with Halvorsen and Hawkins.
"What I think we need to do," he said during their meeting, "is create an
operational construct that creates a direct linkage [between] U.S. Cyber
Command, DISA and U.S. Cyber Command service components."
It's critical that the relationship includes the service components, Rogers
"Because, under the current network structure today, those networks are
largely run by [the] services. So we've got to create a relationship between
DISA and the services that is very operational because you've got to maneuver
networks, you've got to react to changes, and you can't do that in a static kind
"We're in the process of doing that and I expect to roll it out in
the fall. ... You'll hear it referred to as JFHQ DoDIN," he said, or Joint Force
Headquarters DoD Information Networks.
Rogers said that he, Halvorsen and Hawkins agree, this is the future of DISA.
"[DISA] will operate on the networks.
They'll be part of our defensive effort
so they will be out operating on the networks just like us," he added.
"One of the core missions is the defense of the DoDIN," Rogers said. "The
forces associated with that mission will be assigned to DISA, to the services
[and] to the combatant commanders." So, he added, DISA will have some
operational control over the cyber mission force to help execute their mission.
Another of Rogers' priorities for Cybercom is to help develop a common
situational awareness of "what's happening in DoD networks," he said.
The commander highlighted the need for speed and agility in the cyber arena,
adding, "If you can't visualize what you're doing ... you're not going to be
fast or as agile, and thus arguably not as effective as you need to be."
Rogers said, "As an operational commander I am used to the idea of walking
into a command center, looking at a visual depiction that through symbology,
color and geography enables me to very quickly come to a sense of what's
happening in this space. We are not there yet in the cyber arena."
Establishing situational awareness in the cyber realm is a combination of
technology and capability, the admiral said, and determining what knowledge is
needed and what elements contribute to that.
"Is what U.S. Cyber Command needs to know about what's going on in the
network world the same thing as a strike group commander needs in the Western
The same thing an Air Force air wing needs in Minot, North Dakota? The
same thing a brigade combat team needs in Afghanistan? It will vary, so we've
got to create a system that you can tailor to the needs of each commander," he
Rogers noted there are many ongoing efforts to improve situational awareness,
pointing out the need to work collaboratively to fix the problem.
"We do have some tools right now," he added. "They're just not as mature and
comprehensive as I'd like them to be."
Cyber is foundational to the future, the admiral said, and he often comments
to his fellow operational commanders that cyber is a mission they have to own.
"The wars of the 20th century taught most warfighting professionals that, no
matter what you do, a good foundational knowledge of logistics is probably going
to stand you in good stead," Rogers explained.
In the 21st century, he added, operational commanders may find that,
regardless of their mission, they will need a sense of what's going on in their
networks, where they're taking risk, and the impact of network structure and
activities on their ability to execute the mission.
"It's not something you turn to your communications officer ... or your CIO
and say, 'I don't really understand this. Go out and do some of that for me.'
That isn't going to get us where we need to go," the admiral said.
Rogers elaborated on the need for Cybercom to be ready.
During his time as Cybercom commander, he said he expects that a
nation-state, group or individual will attempt to engage in offensive,
destructive capability against critical U.S. infrastructure, from the power grid
to the financial sector.
The Presidential Policy Directive for Critical Infrastructure Security and
Resilience outlines 16 designated U.S. Critical Infrastructure sectors.
Rogers says he tells his team they have to be ready to respond to such a
call. But for an attack on the United States, Cybercom will support the
Department of Homeland Security, which is the lead agency for broader security
protections associated with critical infrastructure, and partner with the FBI,
which is the lead agency for domestic attacks and law enforcement.
"Our biggest focus really is going to be bringing our capabilities to bear to
attempt to interdict the attack before it ever gets to us," the admiral said.
"Failing that," he continued, "we'll probably also have some measure of
capability that we can provide to work directly with those critical
infrastructure networks to help address the critical vulnerabilities and where
the networks could use stronger defensive capability."
To prepare for such interagency collaboration in the event of a domestic
cyberattack, the command trains as it will fight, Rogers said.
"In the military I'm used to the idea that you train like you fight. So we
exercise [and] we replicate the things we think are going to occur in a combat
scenario," the admiral said. "I want to do the exact same thing with the same
set of teammates I'm going to operate with if we get the order to do so."
The department and Cybercom already do internal exercises, he said, as well
as ongoing interagency exercises such as Cyber Guard, in which elements of the
National Guard, reserves, NSA and Cybercom exercise their support to DHS and FBI
responses to foreign-based attacks on simulated critical infrastructure
The whole-of-government exercise, completed June 17, was designed to test
operational and interagency coordination and tactical-level operations to
prevent, mitigate and recover from a domestic cyber incident.
Cyber Guard is a good example, Rogers said, "but I want to build on that. DHS
and FBI were there but I think we can do even more."
Information sharing and partnerships with the critical infrastructure sectors
is an important aspect of enabling Cybercom to more effectively interdict and
stop an attack, if directed to do so by the president and defense secretary, he
The cyber threat is growing increasingly complex, the Cybercom commander
said, and a more diverse set of actors is involved in the mission set, "from
nation-states that continue to increase their capabilities, to groups, to
In broad terms, he added, "you don't see a crisis in the world today that
doesn't have a cyber aspect to it."
For that reason and others, the ultimate construct of U.S. Cyber Command must
be flexible, the admiral said.
"If you want to develop full-range capabilities and generate the maximum
flexibility for their application, you've got to build a construct that
recognizes we're going to be supported sometimes, we're going to be supporting
other times, and sometimes we're going to be doing both simultaneously," Rogers
In one scenario Cybercom might be helping the commander in the Pacific, he
said, and "at the same time we might be driving efforts to secure the U.S.
financial infrastructure ... and trying to support U.S. Central Command.
"It's just the nature of things," Rogers said, "because cyber is so global
and so foundational."