By David Vergun, DOD News
Adversaries have heavily invested in cyberspace operations and capabilities. As such, cyber operations, cybersecurity and information operations are increasingly important to the joint force, said the commander of U.S. Cyber Command, who’s also the director of the National Security Agency.
“The scope of what we need to defend and protect has dramatically expanded,” Army Gen. Paul M. Nakasone said today during a virtual address to the U.S Naval Institute and Armed Forces Communications and Electronics Association’s WEST Conference.
The Defense Department’s information network is composed of 15,000 sub-networks, 3 million users, 4 million computers, 180,000 mobility devices and 605 million website requests a day, he said.
“We used to think about cyberspace as merely the need to protect these computer networks. And while it’s a good place to start, the attack surface is much broader,” Nakasone said.
For example, protecting weapons systems is a related but distinct challenge compared to networks, he said. They require software updates and patches. In the case of the Navy, they’re onboard ships that don’t return to port for months at a time, making it even more challenging to provide timely updates.
Another challenge with weapons systems is ensuring that cybersecurity considerations are implemented in the earliest phases of the acquisition cycle, he said.
Protecting DOD’s data is also a major challenge, he said.
Understanding how state and non-state adversaries are able to successfully carry out cyberattacks is important, he said. “They learn over time in terms of what they can do. They’re not static in the terms of how they approach cyberspace.”
In about the past 150 days, adversaries have successfully conducted supply chain attacks, particularly ransomware attacks, he said. In the last several years, election cybersecurity has taken on an increasingly important role.
Terrorist groups are also mounting cyberattacks, he said. In response, the department has emphasized close teamwork between the NSA, Cybercom, and other commands — U.S. Special Operations Command, in particular.
Chief Master Sgt. Daniel Camp, the senior enlisted advisor and defensive cyber operator for 102nd Cyberspace operations squadron in the Air National Guard, and Staff Sgt. Heriberto Duran, Defensive Cyberspace Operator for II Marine Expeditionary Force, 8th communication battalion, delta company, discuss potential network vulnerabilities during Cyber Yankee 21 on Camp Edwards in Massachusetts, June 15, 2021. Reserve Marines with Defensive Cyberspace Operations-Internal Defensive Measures (DCO-IDM) Companies A and B, 6th Communication Battalion, and Active Marines with DCO-IDM Company D, 8th Communication Battalion, are playing the “red team,” or attack role in Cyber Yankee 21. This exercise, hosted by the Army National Guard, exercises tactics, techniques and procedures of cyber operations, using network mapping software and attack vectors. (U.S. Marine Corps photo by Lance Cpl. Mitchell Collyer)“We learned how to work closely with U.S. Special Operations Command, both to support their efforts against kinetic targets and to leverage their capabilities against virtual ones,” he said.
Nakasone also emphasized the importance of working with industry, academia, interagency partners like the FBI and the Department of Homeland Security, as well as with allies and partners.
Having a skilled and motivated workforce is also critically important, he said. They need to have the right training and career paths and professional development opportunities, and the DOD must be open to their new ideas.