The U.S. military’s top cyber commander last Friday hinted that his forces need to grow, telling a House panel that he faces new missions, the continued expansion of cyber threats, and constant cyber operations by America’s adversaries below levels of actual combat.
Gen. Paul Nakasone, commander of U.S. Cyber Command, said he wouldn’t get ahead of President Joe Biden’s forthcoming defense budget request for fiscal year 2022, but said that over the past year he has gathered and analyzed the necessary data to make a determination on the future size of the Cyber Mission Forces.
“In general terms, I would anticipate that as we lay out the case, we have to look at some critical elements that will influence the future size of the cyber mission force, now 133 teams,” Nakasone said in reply to a question from Rep. Jim Langevin (D-R.I.), chairman of the House Armed Services Committee’s panel that oversees the Defense Department’s cyber policies and operations, about having the “relevant data” to decide on the future size of his forces. “In the future, we have to account for the growing importance of space. I think we have to account for the importance of what we’re seeing with malign cyber actors, whether or not its Russian cyber actors, Chinese cyber actors, Iranian cyber actors and their intent.”
U.S. Cyber Command declined to comment when asked what measures it is taking to protect space systems, such as GPS, from cyber attack, but it appears that a zero trust architecture is one line of effort. Last September, the Air Force Research Laboratory through AFWERX awarded California-based Xage Security a contract for end-to-end satellite data protection for the U.S. Space Force–a solution that utilizes Xage’s blockchain technology.
At the May 14 hearing, Nakasone also discussed the need for the U.S. to protect cyber systems from “gray zone” aggressions short of war.
“We are in a period of strategic competition, and I think the word is competition,” he testified. “So, we have to have that balance of not only what we are doing to support our fellow combatant commands if conflict was to breakout, but also if our adversaries are operating below the level of armed conflict every single day, what type of force do we need to be able to ensure that we need to counteract that, much in the same way that we have done in our support to the national elections.”
In the 2018 congressional elections and 2020 presidential and national elections, U.S. Cyber Command worked to disrupt attempts by Russian and other actors to interfere with the outcomes and potentially compromise election infrastructure.
Ahead of the 2020 elections, Nakasone said in his opening remarks that his command “conducted more than two dozen operations to get ahead of foreign threats before they interfered with or influenced our elections.”
Speaking to the growing threat, Nakasone cited the spate of recently disclosed attacks involving the software supply chain, a Microsoft [MSFT] Exchange Server hack, and the Colonial Pipeline ransomware attack.
“These cases demonstrate the broadening scope, scale and sophistication employed by some adversaries,” Nakasone said. “The United States government, in tandem with industry partners, must improve it defensive posture to prevent and or minimize the impacts while contesting and defeating those who would exploit such vulnerabilities and target American companies and citizens.”
Langevin, in his opening statement, said the Defense Department isn’t making cyber the priority it needs to be.
Highlighting the various recent cyber hacks and attacks, Langevin said, “Yet incredibly, it still appears to this committee that cyber does not have the focus from much of the department’s senior uniformed and civilian leadership that it requires, despite our forces engaging adversaries in this domain every single day. Recently, the Air Force removed cyber from its mission statement even though a report from the Office of the Secretary of Defense concluded that the inclusion of cyber in the Air Force mission statement is the single reason why Air Force personnel have vastly outpaced the other services in pursuing cyber-related certifications.”
Langevin said that he and his colleagues on the subcommittee, as well as Nakasone and Mieke Eoyang, deputy assistant secretary of defense for cyber policy, who also testified at the hearing, “are fighting an uphill battle to put cyber front and center in the department.” He pointed out that military services are each led by a civilian secretary but that Eoyang sits “four rungs lower than her counterparts overseeing the other domains.”
Rep. Mike Gallagher (R-Wisc.), the subcommittee’s ranking member, said he hopes the forthcoming FY ’22 budget request invests in the cyber mission forces and related cyber infrastructure such as technology and human capital. He also said that Congress needs to consider terminating “out of date” legacy military platforms to invest in “emerging technologies and cyber.”