Cyber enemy is more dangerous than any individual or machine

Thursday, May 01, 2014

It’s a warfighting domain that is ever-evolving and offers no easy answers for the fight, but is becoming amore important as the Army heads into the future.

Experts from across the Army discussed the importance of and challenges associated with "Operationalizing the Cyber Domain for the Army," at the Association of the United States Army’s 2014 Winter Symposium in Huntsville, Ala.

Moderated by retired Lt. Gen. Jeff Sorenson, and chaired by Lt. Gen. Edward Cardon, commanding general, Army Cyber Command, panelists included: Lt. Gen. Mark Bowman, director for command, control, communications and computer/cyber/chief information officer, J-6, Joint Staff; Maj. Gen. Thomas James Jr., director, Mission Command Center of Excellence, Army Training and Doctrine Command; Col. Maureen O’Connor, director, Army Joint Force Headquarters – Cyber, Army Training and Doctrine Command; Lt. Col. Paul Stanton, technical liaison to U.S. Cyber Command ,Army Cyberspace Command; and Robert Fecteau, chief information officer, SAIC.

"We’ve got to make this operational now, we’ve got to make cyber work for us now," Bowman said.

Adding, "No matter how you look at it, we are outnumbered. It doesn’t matter what method you try to figure out to come up with a better answer on our behalf, we’re outnumbered – as DoD, as U.S. government and as a nation.

"The cyber enemy is an enemy that’s potentially more dangerous than any individual or machine than we have ever known in the history of the world. We’ve got to be able to defend against the threat."

Developing that defense, as mentioned by the panelists, includes training and education for the current workforce, growing new talent, keeping up with technology and new capabilities, and developing the infrastructure and platforms needed to succeed in the cyber domain.

"We see the battlefield in cyberspace through data," Stanton said.

He also noted, "There is an enormous volume, velocity and variety in that data. If I deploy an infantry scout to over-watch the road intersection, that scout would report back when a certain number of vehicles traverse the road, and that becomes a strong indicator to the decision maker on what to do next.

"In cyberspace, the avenues of approach are hundreds if not thousands, within an operating environment. Additionally, the vehicles, if you will, that traverse that network are in the millions. There’s just a vast amount of data that we have to have the right capabilities and tools to translate into information in support of the decision process for mission commanders."

The sheer volume of that information poses a challenge, Stanton said.

"When I literally have billions of data points, which ones are relevant to feed back to the commander, and how do I determine that?" Stanton said.

Adding, "The relationships between the data – when I have those hundreds, if not thousands, of avenues of approach and millions of events – how do I determine which ones are correlated and related to one another in some interesting way?

"It’s not as neat a package as counting the number of vehicles that traverse the road intersection. How do I determine what actually is an indicator of threat activity on the network, and ultimately, how do I get to causality?"

Reaching across land, sea, air and space, the cyber domain is a warfighting domain and a commander’s business, according to James.

"We’ve got to be able to take information and make it knowledge, and get it to the commander on the battlefield, where it’s needed, where their organization is developing the situation through action and contact with the enemy," James said. Adding, "We have to be able to protect our networks, establish resilient communications capability and be able to retain the ability to fight degraded. That is the environment we will be in. We’ve got to be able to include mission command on the move and our link to the Joint Force so we include that joint synergy."

Sharing information is not the only challenge associated with the cyber domain, but protecting it as well.

Sorenson referenced Operation Buckshot Yankee, a cyber-attack that occurred in 2008 when malicious software infected both unclassified and classified systems via a flash drive.

Intellectual property (IP) is a key area of concern, according to Bowman.

"Cyber reaches through everything," Bowman said. "It means protecting intellectual property. The theft of IP is the greatest transfer of wealth in history. Why would another country or adversary, or even a friend spend a bunch of money on R&D to come up with something when they could steal it from somebody else and start from a rolling start or full steam?"

While the challenges seem daunting in his presentation, Cardon shared his hope for the future in a world where 100 hours of video are uploaded to YouTube every minute and millions of emails shared.

"This is not dark; this is tremendous opportunity," Cardon said.