NATIONAL HARBOR, Md.–Commander of U.S. Cyber Command (USCYBERCOM) and National Security Agency (NSA) Director Adm. Mike Rogers reiterated the need for a potential split of his dual-hat leadership role to meet new operational challenges in commanding cyber operations, while pushing for greater discussion with Department of Defense private sector partners on shoring up responsibilities for protecting their significant infrastructure.
Rogers spoke on a panel with retired Air Force Gen. Michael Hayden, now with the strategic advisory firm The Chertoff Group, at an Air Force Association Conference on Tuesday. He said the the long-rumored split of his leadership role of the two organizations, following USCYBERCOM’s elevation to a full combatant command in August, was still an on-going process to see if the current alignment still makes sense.
“We have got to be open to the idea that we are continually evolving in this construct. Look how fast it’s gone in literally just over 10 years. We went from a functional component aligned against a combatant command to now let’s go to a combatant commander. I think now the next question in this evolution is, ‘Does that alignment still make sense as we’ve evolved a very traditional operational force?’” said Rogers.
Rogers affirmed his goals for USCYBERCOM as migrating from a focus on the defense of networks to more broadly examining how to best defend networks, weapons systems, defense platforms and critical data.
Both Hayden and Rogers agreed the capabilities to best defend this expanded set of responsibilities may extend beyond the DoD and come from industry partners.
“I actually think in many day-to-day circumstances, not the first but only line of defense as a practical matter will be what we can achieve by and through our private sector,” said Hayden. “That might mean not that DoD or the government is a bit more generous with security clearances or a bit more rapid in sharing classified information. It may actually mean redefining what we mean by security clearances, redefining what we mean by classified information in this kind of world.”
To continue building on the partnership between DoD and the private sector a priority must be placed on ironing out the details of information sharing related to the cyber security of critical infrastructure, according to Rogers.
“One of the thing’s I tell my private sector partners is, ‘what I need knowledge of is your network configuration, your network activity, and I need to get sense for what are your critical paths, where’s your most critical information. If I can get access to that, I think we can work together to help with your challenge set,’” said Rogers. “The flip side of that is, ‘look, I don’t need to watch or necessarily have access continually your internal business processes and the data often associated with that.’ That’s not what we need to execute our ability to defend.”
Within these new partnerships, DoD is promising to bring expertise and knowledge of potential adversaries’ tactics and tools for operating in the cyber domain, and urging industry to provide detailed knowledge of their network configurations.
In order to defend networks, Rogers reiterated that industry partners must not wait until a cyber threat is imminent to provide details on its infrastructure but must be proactive in giving DoD a roadmap to providing the necessary cyber resiliency efforts.
“I think one of the challenges of cyber is it is going to force us to get out of many of the traditional definitions that we have used to define responsibility, to define privacy and to define roles,” said Rogers. “My military experience has led me to believe the probability of a successful mission outcome is not particularly high the first time you’re dealing with a problem or a set of partners in the middle of a crisis. That’s not the way to maximize the possibility of a successful outcome.”