The Army must continue to increase resources and build on its cyber warfare capabilities as it faces hundreds of thousands of attempted cyber threats perpetrated against service networks each day, according the commander of the U.S. Army Cyber Command Lt. Gen. Paul Nakasone.
Speaking at the Defense One Tech Summit in on Thursday, Nakasone provided an update on the Army’s progress in assessing the increasingly persistent threat level in the cyber domain and addressed the recruitment goals for Cyber Command moving forward.
“We’re bringing in 60 new lieutenants this year that have a very hard science background to deal with cyber,” Nakasone said in his discussion with Defense One Executive Editor Kevin Baron. “If you come in now, we offer you to work cyber for your entire career not just initially. This is the crucible we need for our leaders.”
The Army Cyber Command, officially stood up in 2010 and incorporating 41 active offensive and defensive cyber teams in the military branch, is embracing the direct commission approach included in fiscal year 2017’s defense authorization act to hire directly from the private sector for important roles in determining cyber strategy moving forward. Specifically, Nakasone’s command is seeking civilians with a background in technical cyber skills as well as acquisition experience in order to fill roles needed to protect the Army’s vast network of weapons and communication systems.
“As long as you meet certain standards specified by the service, coming as a civilian might be what the future holds for us,” Nakasone said. “The feedback we got from individuals is you are downplaying what you’re doing as a mission. We’re trying to improve our message.”
Progress has been made in the streamlining of offensive cyber operation conducted against the Islamic State where Army Cyber Command supports ground combat commanders, and in the area of increased integration of new electronic warfare and cyber defense capabilities needed for potential utilization against adversaries in the domain.
An earlier panel on cyber and electronic warfare at the summit discussed this persistent threat from known adversaries who have the potential to infiltrate both military and government systems.
“This make me nervous and I usually don’t get nervous. You see what the Russians did in the election. These are known attacks that are not vague,” Co-Director of Harvard’s Belfer Center for Science and National Affairs Eric Rosenbach said. “When people think they can do something to you and get away with, they are more likely to do it.”
On the same panel, Intelligence Advanced Research Projects Activity Deputy Director Stacey Dixon emphasized the inevitability of facing attacks in the domain and needing comprehensive operational capabilities to keep up with changing threats.
“We need to focus on continuing to defend against attacks and ensure that our systems are so intact that the effects going forward are less damaging,” said Dixon. “Things are escalating, and adversaries are not just going in there to disrupt operations but are not trying to destroy them.”
On the areas that need work, Nakasone pointed to insider threats and the lack of artificial intelligence integration in order to increase cyber deterrence.
“Our greatest vulnerability is still the operator, especially when dealing with such a vast system of networks,” said Nakasone. “More needs to be done with artificial intelligence (AI). I would love to have a self-healing network. We are very interested in terms of a taking a force that is only so big and making that larger. One of the ways you do that is with AI. That’s the future for us.”
In addition, the earlier panel highlighted the need for patches to decrease the capacity for human error when protecting the cyber domain and critical infrastructure. Greg Smithberger, the National Security Agency’s Chief Information Officer cautioned against resistance to patching due to fears that it affects the functionality of networks.
“We act as if there’s a solution to this problem, but the reality is that we’ll never be done. Any technology invented by human’s has flaws, and the large networks utilizing these technologies don’t always get it right” said Smithberger. “We need to all make the assumption that someone could be getting under these defenses and we must look for evidence that they are there.”
Army Cyber Command is continuing to integrate defense capabilities and test tactics to advise the administration’s senior policy makers on the direction to take when it comes to protecting networks in the cyber domain.
“The most difficult mission is that we have to be right every time, where the attacker only has to be right one time to be effective,” said Nakasone.