Saturday, June 27, 2009

U.S. Cyber Command: 404 Error, Mission Not (Yet) Found (Danger Room)

U.S. Cyber Command: 404 Error, Mission Not (Yet) Found

080429-f-2907c-222

Earlier this week, Defense Secretary Robert Gates ordered the military to start setting up a new "U.S. Cyber Command." It's a move that's been discussed in defense circles for more than a year. But despite the announcement — and despite the lengthy debate – no one in the military-industrial complex seems all that sure what this new fighting force is supposed to do, exactly.

Officially, the Pentagon still has a few months to figure things out. Gates told his troops in a Tuesday memo that they have until September 1st to come up with an "implementation plan" for the new command. But there's a ton to figure out in the next ten weeks. As Gates notes, that plan will have to "delineate USCYBERCOM's mission, roles and responsibilities," detail the command's "minimum requirements" to get up and running, and sort out its "relationships" with the rest of the military – and the rest of the government.

In other words, just about everything.

Let me paraphrase a series of conversations I've had this week with people working on this new command: Is CYBERCOM supposed to be a new fighting force, a glorified IT department, an intelligence agency, or what? Mmmmm, unclear, to be determined. If it's a fighting force, how much offense or defense will it play? To be determined. And what does cyber defense really mean, these days? TBD. If it's an intelligence agency, how far will the command go to protect civil liberties? To snoop on everyone, in the name of network security? TBD. TBD.

Further complicating matters is that CYBERCOM might significantly reorder how the Pentagon organizes its geek brigades. (Or not. That's TBD, too.) Each of the armed services already employs thousands of people to keep its data and communications networks flowing. The Defense Department already has an in-house shop, dedicated to building and maintaining its networks: the Defense Information Systems Agency, or DISA. It has also has a far-flung group of cybersnoops, counter-snoops, and network attackers; that would be the National Security Agency, or NSA.

How exactly all these agencies will combine — or whether they will combine at all — is one of the many CYBERCOM questions still left unanswered. (Another: what does a recent and classified National Intelligence Estimate on cyber security recommend.) But already, there's tough talk in and around the Pentagon of budgets being defended, and personnel being kept.

When the Air Force tried to establish a cyber command of its own, it touched off an internecine scramble within the service. None of the units wanted to surrender cash or crew to the new agency. A veteran of that fight predicts there will be a similiar fight, surrounding CYBERCOM. "They're gonna to look at the new command as a gigantic beast to be slain – the son of a bitch who's gonna take my money and my people," this former senior military official says. "The new command is gonna look at them and see — food."

One thing that is pretty clear: NSA will be leading this emerging command. Gates is recommending thatNSA Director Lt. Gen. Keith Alexander also become the head of the new network force — and get a fourth star. Gates is also suggests that the command set up its headquarters somewhere mighty convenient for Alexander: Ft. Meade, Marlyand, home of the NSA.

The clandestine agency — renown in the military for its geeky skills, and infamous among civil libertarians for its widespread monitoring of Americans' communications — may also come to dominate the wider government cyber defense effort, as well. Under the president's recently-announced (and also pretty vague) network protection plan, the Department of Homeland Security is theoretically responsible for coordinating the network defense of the civilian government, and of the country's critical infrastructure. But DHS doesn't have nearly the technical brains or the financial brawn of the Defense Department and the NSA. Just look at the two departments' budgets for next year. As the Wall Street Journal notes, the Pentagon is planning to train "more than 200 cyber-security officers annually. By comparison, the Department of Homeland Security has 100 employees dedicated to civilian cyber security, with plans to reach 260 next year."

Which is why Homeland Security chief Janet Napolitano says that "NSA will provide technical assistance, both to DOD [Department of Defense] and to us."

"That is the structure of the cyber policy plan that the president announced, so we absolutely intend to use the technical resources, the substantial ones that NSA has," she tells Danger Room.

Alexander has said explicitly that he does "not want to run cyber security for the United States government." But could that wind up happening away — throwing a cloak of secrecy over all of network defense? TBD.

No comments: