The Pentagon is working on a new strategy for operating in cyberspace but still wants more help from Congress to better protect U.S. computer networks, a senior official said.
Army Maj. Gen. John Davis, the senior military adviser to the undersecretary of defense for policy, detailed the successes and challenges military officials have experienced trying to implement the five-part Department of Defense Strategy for Operating in Cyberspace. And he said the Pentagon is updating that plan, which was crafted in July 2011.
(1)(1).jpg) |
“This has been what is guiding the department for the last two years, and it’s two years old,” Davis told the Armed Forces Communications and Electronics Association International Cyber Symposium on June 25, as he held the document. “What’s two years in cyber years…is like 20 years old.”
“So as you might imagine we’re already working on the next version of this, and what it will do to drive the department forward for the next several years,” he added.
The Pentagon cyber strategy has five basic components: treating cyberspace as an operational domain, employing new defense operating concepts to protect Pentagon networks, working with other federal agencies and the private sector for a whole-of-government approach to cyber defense, partnering with international allies for a global approach, and developing and encouraging a strong cyber workforce and technological innovation.
“Make no mistake, there is a great deal of work yet to be done, but we have made some really good progress in a number of areas under each of these (five) strategy components,” Davis said at the Baltimore conference. He called the progress that has been achieved “difficult and complex,” saying it reflects the complexity of the varied relationships between parties working in the cyberspace arena.
He said progress with the first two components of the Pentagon cyber plan–treating cyberspace as a domain and employing new defense operating concepts–has been “comparatively faster than in the rest.”
The next two parts of the strategy–relating to extending cyber defense to other federal agencies and the private sector and to partnering with international allies–“clearly demonstrate that is a team effort, the (Department of Defense) DoD cannot go at this alone,” he said.
It’s the fifth component of the cyber strategy–regarding technological innovation and the cyber workforce–where “a great deal of our more-important challenges remain,” Davis said.
“If we don’t get the people aspect right, all the rest of our solutions will be transient at best,” he said.
Another major hurdle, he said, relates to Congress and its failure in recent years to pass cybersecurity legislation. Republicans and the U.S. Chamber of Commerce blocked legislation last year intended to better protect critical-infrastructure providers’ networks, maintaining it would lead to excessive regulation.
President Barack Obama released an Executive Order on Cybersecurity in February. It is intended to promote information sharing between private entities and the government and create a voluntary program in which critical-infrastructure providers can adopt best practices for cybersecurity.
Yet Davis maintained legislation still is needed to improve public-private information sharing on cyber attacks as well as cybersecurity standards for critical-infrastructure providers.
“Legislation is the only way to (address) these challenges in a comprehensive manner,” he said. “It hasn’t worked so far. So the administration is doing what it can through executive order and policy. But we’re still hopeful…and we’re still actively working with Congress in order to work towards a comprehensive” legislative solution.