Military Command Is Created For Cyber Security (Wall Street Journal)

Military Command Is Created For Cyber Security

Wall Street Journal, 24 June 2009

Siobhan Gorman and Yochi Dreazen

WASHINGTON -- Defense Secretary Robert Gates created a new military command dedicated to cyber security on Tuesday, reflecting the Obama administration's plans to centralize and elevate computer security as a major national-security issue.

In a memo to senior Pentagon officials, Mr. Gates said he intends to recommend that Lt. Gen. Keith Alexander, director of the National Security Agency, take on the additional role as commander of the Cyber Command with the rank of a four-star general.

The decision follows President Barack Obama's announcement last month that he will establish a new cyber-security office at the White House, whose chief will coordinate all government efforts to protect computer networks. The Pentagon initiative will reshape the military's efforts to protect networks from attacks by hackers, especially those from China and Russia. It also consolidates the largest concentration of cyber warriors and investigators in the government under one military command, exacerbating concerns of some experts who worry about military control of civilian computer systems.

The new command will at least initially be part of the Pentagon's Strategic Command, which is responsible for computer-network security and other missions. The command is meant to begin working by October and to be fully operating by October 2010.

In announcing its creation, defense officials took pains to stress it would focus solely on military networks. The Pentagon has been defending against outside suggestions that military personnel could be monitoring civilian computer networks.

"This is an internal reorganization," said Air Force Lt. Col. Eric Butterbaugh, a Pentagon spokesman. "It's about the department improving its focus on military networks to better consolidate and streamline [Pentagon] cyber capabilities into a single command."

The Pentagon, which is already receiving the vast majority of new government spending on cybersecurity, has thousands of cyber warriors, many of whom are expected to be housed under the new command, which is likely to be next door to the NSA's Ft. Mead, Md., campus, according to Mr. Gates's memo. Mr. Gates's 2010 budget envisions training and graduating more than 200 cyber-security officers annually.

By comparison, the Department of Homeland Security has 100 employees dedicated to civilian cyber security, with plans to reach 260 next year.

Rod Beckstrom, former chief of the National Cyber Security Center, which is charged with coordinating cyber-security activities across the U.S. government, quit in March, warning in his resignation letter that the growing reliance on the NSA was a "bad strategy" that poses "threats to our democratic processes."

Homeland Security officials said they are still responsible for protecting all civilian networks, though a department spokeswoman declined to speak specifically about the Cyber Command.

"It is the view in the White House that the Department of Homeland Security will continue to play an absolutely essential role in the protection of America's cyber infrastructure," said Rand Beers, who was nominated to be Homeland Security's undersecretary overseeing cybersecurity, at his confirmation hearing this month.

Maren Leed, a cyber-security expert at the Center for Strategic and International Studies, said the military's closed computer networks could make it easier for the new command to focus solely on Pentagon systems.

Ms. Leed, a Pentagon special assistant on cyber operations from 2005 to 2008, said the narrow focus could leave vital national networks still vulnerable to outside attacks and intrusions.

"The question is whether the DoD protecting its own networks is sufficient to protect our national-security imperatives, and I would say no," she said. "The overwhelming majority of cyber traffic isn't on government networks."