We’re in the Midst of a Cyber War, But One We Can Win
By Gail Harris
We [the U.S.] are in an undeclared cyber war; one that could at any time bring our nation to its knees. Reported incidents of malicious cyber activity against the Department of Defense (DoD) reached 43,880 in 2007 and 54,640 in 2008--a 20 percent increase. In the first six months of 2009 there were 43,785. Projecting out to the end of the year, we’re looking at a 60 percent increase compared to 2008.
One incident in particular is very disturbing. In 2008, United States Central Command (Centcom), in charge of the conflicts in Afghanistan and Iraq, came under attack. In a 60 Minutes interview, Jim Lewis, Director and Senior Fellow of the Technology and Public Policy Program of the Center for Strategic Studies, discussed the incident, stating that the unknown foreign adversaries were able to embed themselves in the Centcom networks. “They could see what the traffic was. They could read documents. They could interfere with things. It was like they were part of the American military command.”
In spite of the Herculean efforts by many, government officials continue to voice concerns that not enough is being done and efforts are fragmented. United States Strategic Command (Stratcom) is the DoD cyber lead but is responsible for DoD networks only. The Department of Homeland Security is responsible for defense of the civilian government infrastructure and can call on support from Stratcom as needed, but the question of who is responsible for protecting the rest of America has yet to be solved.
Perhaps those working the issue today might find some inspiration in studying lessons learned from one of the greatest collaboration success stories never told. In August 1999 I was assigned to United States Space Command (Spacecom), the initial DoD cyber lead. My task was development of the cyber intelligence architecture for all of DoD. In layman’s terms this meant designing the role intelligence would play. This would involve working with and building a consensus among over 30 different DoD commands as well as the intelligence agencies.
Although there were pockets of dedicated intelligence professionals doing great things at various commands and organizations, there was no community-wide agreement in place that defined the roles and missions. There was no plan in place to determine how the community would handle reporting and analysis on cyber threats, no intelligence information collection plan, nor was a system set up to share intelligence databases on cyber threats. There had been various attempts over the preceding two years to build a consensus but those efforts had met with only limited success. Many felt the problem was unsolvable.
I encountered several obstacles. First, I found myself in the midst of a firestorm dealing with some very angry and frustrated people. Although Spacecom would not actually assume the cyberspace mission until October 1999, many felt the intelligence people in the command had been given enough lead time that some preparation should have been done ahead of time. There were some who feared Spacecom would develop the intelligence architecture without consulting with anyone. There was also lots of political infighting with various individuals and organizations fighting over who should really be in charge of the intelligence architecture development. Some of the individual organizations had developed solutions they were happy with and were afraid of change. There was a lot of “mine is better than yours” mentality. Others didn’t want outside intelligence organizations accessing their computers and data.
The anger was also fueled by a tremendous sense of urgency. Real world events, coupled with the results of a high-profile war game, “Eligible Receiver 97,” caused many within the community to fear our nation would suffer a cyber Pearl Harbor if we did not get our act together soon.
“Eligible Receiver 97” was the first large-scale military exercise designed to test U.S. response to an attack on both the military and civilian infrastructure. During the exercise NSA personnel were able to inflict a large amount of simulated damage on DoD networks as well as power grids and 911 systems in major U.S. cities.  There was one incident called Moonlight Maze that sent chills up and down the spines of the community. "U.S. officials accidentally discovered a pattern of probing of computer systems at the Pentagon, NASA, Energy Department, private universities, and research labs that had begun in March 1998 and had been going on for nearly two years...the invaders were systematically marauding through tens of thousands of files. The Defense Department traced the trail back to a mainframe computer in the former Soviet Union…Russia denies any involvement." 
Second, there were many within the intelligence community, probably motivated by budgetary concerns, who did not believe cyberspace was an intelligence problem. They felt it was an issue the communications and information technology specialists within DoD needed to resolve. The Clinton administration had made significant cuts in the intelligence budget after the fall of the former Soviet Union. With reduced assets and personnel, some found themselves hard pressed to deal with the traditional intelligence issues without adding yet another intelligence problem to the mix.
Opposing that view were those who believed cyber weapons were simply the newest forms of weapons and, like the more traditional threats posed by enemy aircraft, ships, missiles, etc., could cause some very significant damage, especially to nations like the U.S. that are so heavily dependent on technology supported by the internet. At the time something like 70% of DoD communications at some point in their transmission path went over the internet and were thus very vulnerable to disruption.
It followed then that just as the intelligence community tracked the capability of potential enemies to use these and other weapons against us, the intelligence community should also focus on the capability of nations and transnational organizations to use cyberspace against us. As always, the role of intelligence would be to support the decision-maker by providing necessary threat information in the time and format required to make decisions. This support would not just be working with the traditional customers of military intelligence, the war-fighters, but also with the people responsible for maintaining our communications networks as well as those responsible for monitoring threats to our critical civilian infrastructures. In business parlance the intelligence community would need to expand its customer base.
The Spacecom intelligence staff decided the problem was so huge that the best tactic was to approach it like the old joke: “How do you eat an elephant? Answer: One bite at a time”. We decided to host a conference and put together working groups composed of people from all DoD commands and organizations as well as the major intelligence organizations and industry representatives.
The focus of the conference was to have three working groups, each focused on one problem. The first would determine what type of information the intelligence community should be looking to collect in order to determine cyber capabilities of potential enemies. The second group would look at the cyber intelligence database issue. In order to provide the best support everyone in the intelligence community needed to use the same or interoperable databases so that information could be easily shared or retrieved. The third group would look at the intelligence reporting issue. When and how would intelligence reports be sent out on computer incidents?
The conference was a success. In just one week we were able to solve problems that people had not been able to solve over the preceding two years. It was actually pretty simple but that didn’t mean it was easy. First, we asked the commands to only send individuals who were authorized to make decisions for their command. Second, at the start of the conference we reminded everyone what our purpose was as a community. Intelligence exists only to support the decision maker. There lies our true loyalty and purpose.
Third, we set up a rule that if during the course of discussions an individual brought up a problem, in the next breath he or she had to give a recommended solution. Fourth, each day the working group chairs had to give a report to the senior Spacecom Intelligence Officer, Captain Mike Kuhn, on their daily progress and on any issues that came up. This was critical as his presence showed the high priority Spacecom was giving these efforts.
Fifth, we arranged for the working group chairs to provide a detailed briefing to senior leaders of the intelligence community via video conferencing at the end of the week. We counted on both the professional pride of attendees and a reluctance to appear ineffective in front of the leaders of the community to make them want to succeed.
Sixth, each of the working groups was led by individuals from other commands. This showed Spacecom was really serious about consensus building. The Spacecom intelligence staff attitude was best personified by a Harry Truman quote: “It’s amazing what you can accomplish if you do not care who gets the credit.”
Seventh, the Working Group Chairs kept their groups together long after the conference ended, following up on all of the action items. Particular mention should be made of the extraordinary efforts of Captain Terry Roberts, Captain, USN (Retired) and Commander Bob Gourley, USN (Retired), who co-chaired the Database Working Group, and Don Lewis, who chaired the Reporting Working Group.
Don Lewis, now retired from the Defense Intelligence Agency, told me that as he attended cyber conferences in the years following our effort, he was frequently asked to give a presentation detailing our early efforts. People were always amazed and inspired that so many different organizations were able to work together so well.
I read with a sense of pride the March 2009 House Armed Services Committee Testimony of General Kevin Chilton, Commander-in-Chief of Stratcom. “…what we have been asked to do…is to operate and defend the military networks only and be prepared to attack in cyberspace when directed. But day in and day out, our focus is on operating and defending our networks. And that takes a close relationship with the intelligence community. We rely tremendously on support from the intelligence community.”
When you are a nation at war, even an undeclared one, you need to motivate people to think beyond their organizations or companies and focus on winning the war. We need only look at our history for inspiration. During World War II, by the end of the first year of war, our country had raised its arms production to the total of all three enemy powers put together, and by 1944 had doubled it again. To the more cynical I would say you cannot tell me there is not a business case that can be made to fight cyber threats. This is a war we can win…but only if approached with strong centralized leadership and lots of good old American ingenuity.
Gail Harris’ 28-year career in intelligence has included hands-on leadership during every major conflict from the Cold War to El Salvador to Desert Storm to Kosovo and at the forefront of one of the Department of Defense’s newest challenges, Cyber Warfare. Her book, 'A Woman's War', is published by Scarecrow Press and is available on Amazon.com.
1. 2009 Report to Congress of the U.S. China Economic and Security Review Commission, page 168. Available at http://www.uscc.gov/annual_report/2009/09_annual_report.php. Accessed November 30, 2009.
2. Rebecca Grant, “The Cyber Menace.” Airforce-magazine.com. Available at www.airforce-magazine.com/MagazineArchive?pages.2009/March%202009/0309cy..accessed 12/6/2009.
3. Steve Kroft, reporter, www.cbsnews.com/stories/2009/11/06/60minutes/main5555565.shtml Accessed 12/5/2009.
4. General Kevin P. Chilton, Commander-in-Chief United States Strategic Command, Washington D.C. House Armed Services Committee Testimony, www.stratcom.mil/speeches/21/House_Armed Services Committee Testimony 12/5/2009.
5. Interview with former Deputy Secretary of Defense John Hamre conducted Feb. 18, 2003, www.pbs.org/wgbh/pages/frontline/shows/cyberwar/warnings, Info published Apr. 24, 2003. Accessed 11/30/2009.
6. Interview with John Arquilla, Associate Professor of Defense Analysis at the Naval Post Graduate School. Interview conducted Mar. 4, 2003. Info published Apr. 24, 2003. www.pbs.org/wgbh/pages/frontline/shows/cyberwar/warnings.
7. www.quotegarden.com/goals.html. Accessed December 7, 2009.
8. House Armed Services Committee Testimony, General Kevin P. Chilton, Washington, D.C., 3/17, 2009. www.stratcom.mil/speeches/21/House_Armed_Services-Committee_Testimony accessed 12/5/2009.