Cyber Debate: Which Way DISA

There is one month left before the government-wide cyber review ends. Defense Secretary Robert Gates is expected to announce a four-star combatant commander to run cyber warfare soon after that review is finished.

Our story about a cyber COCOM sparked a rollicking debate about the roles of DISA and, to a lesser degree, NSA and STRATCOM. While I can’t identify who the posts came from, I can tell you that several of them came from practitioners of these dark arts.

In the hopes of driving the debate even further, here are some of the comments, with observations.

John Schrader, a colonel, said the country does need a cyber COCOM, but it should be kept within the current organizational structure. Since the Unified Command Plan places cyber under STRATCOM, he proposes making the cyber COCOM “a Sub-Unified Command of STRATCOM. It will be multi service and have its own component commands. The services will train and equip in order to present forces to the cyber commander who lives within the strategic context of STRATCOM with all the advantages of cross COCOM operational authority.”

While I understand John’s commitment to the UCP, I think he ignores the very real chain of command concerns raised by having a four star report to another four star. While you can get anyone to do anything within reason, I think it would dangerously muddy the chain of command.

He recommends taking DISA’s Joint Task Force-Global Network Operations and expanding it. He argues that this “comes with a staff structure and one dimension of cyber built in.”

But very few people I’ve spoken with in either the military or intelligence worlds believe that DISA is the right place to park such responsibilities, especially as long as NSA continues to throw its weight around. John argues that we should keep “NSA doing what it does best…it becomes a force provider.” But, with all respect, to expect NSA to provide much of the muscle and therefore the money, and then expect the biggest chunk of the IC to just do what the regular military tells it to do, is to ignore most of the last five years of conflict between these groups.

Create an industry council as part of the command group that engages and involves industry.

I’m afraid I’m more in line with Joe’s thinking on this one. He says, “DISA is a horrible choice for this. DISA is a bloated bureaucratic nightmare who cannot get any project of note completed without inflating the price tag beyond anything reasonable. They are shamed by any commercial counterpart, and a laughing stock everywhere else.”

Sinlock also thinks DISA is “a horrible choice. You need to ask yourselves this. If the 40 some odd security vendors and companies out there cannot solve the problem (detect rates) and they employ the best in the business how in the heck do you think the DOD or intel agencies can?”

Caine weighs in, believing that “the Intel and DoD communities have the cream of the security crop” but are “hampered and hamstrung by horribly outdated and bureaucratic processes.”

Take all this, compress it and I think you come up with several clear answers. One, we need a cyber COCOM with clear command responsibilities and his own troops. Forcing him to rely on NSA personnel will only prolong the already fatiguing fight between NSA, DoD and DHS.

Make sure that whoever gets final civilian authority to lead cyber activities in the federal government is given clear lines of funding and operational authority. DoD has to be able to exercise its Title 10 responsibilities without getting mired in battles between it, the IC and DHS.

I’m betting our readers know more about these issues than most because of your knowledge of the military and IC. Let’s hear your thoughts.


I referenced your New Cyber COCOM Likely (6 Mar 2008) post in the article “Cyber Command — Why stop there?” @ http://tinyurl.com/CyberSpaceForce suggesting not just a Combatant Commander, but a consolidation of redundant capabilities into an entirely new service.

That post includes references to others writing about this subject. The comments to the article include several perspectives, including one that is NSA-centric.

A discussion thread at the Small Wars Journal on this subject is at http://tinyurl.com/SWJ-CyberForceDiscussion

Is cyberwarfare a DoD responsibility or not? Under the UCP, only CCDRs exercise combatant command (command authority). Therefore, a CCDR needs to be in charge of cyberwarfare, with the legal authority to direct offensive cyberwarfare activities. DISA is a communications provider, and should not be in the offensive cyberwarfare business. The NSA’s mission is to provide IA and SIGINT. They should not be in the offensive cyberwarfare business either. Only DoD. So let’s stand up a new cyber combatant command, with a CCDR who can legally “pull the trigger” when it’s time to conduct offensive cyberwarfare. And that time is near…

JTF-GNO is not DISA’s; it is a Component Command of USSTRATCOM. The Director DISA is dual-hatted as Commander JTF-GNO.

What about this CyberSecurity Czar thing? Is the Czar the Federal CIO, and what happened to the Administrator of the Information and Technology Branch of the Office of Management and Budget (OMB) that is supposed to be the liaison between industry, Government and the Military as identified in FISMA? Would this position be in charge of such an organization and have responsibilities for Computer Network Operations (CNO) broken into two parts listed as Computer Network Attack (CNA) and Computer Network Defense (CND), or should they be listed as Cyber Network Attack/Defense (CNA/CND)?

You really need to go to this web site

http://www.afit.edu/CCR/Publications.cfm

and download the paper titled

“Cyberspace as a Theater of Conflict: Federal Law, National Strategy and The Departments of Defense and Homeland Security”

it will change your point of view on several COCOM-DISA-Service relationship issues.

More importantly, the NSA is the only ODNI and DoD group that can reach across and into other Federal Departments and then further into the private sector. Cybersecurity is a national concern. The role of the NSA, as the knowledge leader Line of Business (LOB), with the Cultural, Personality, Behavioral, Knowledge, Process and Technology (CPB-KPT) knowledge to be able to logically integrate these higher level functions, is central to long lifecycles (peacetime) and very, very short (wartime) lifecycles. The chain of command has to reflect both peacetime and wartime scenarios. And it has to reflect Federal and Private Civilian scenarios. Again the NSA can be the LOB in these areas. As to chain of command above the technology, process and knowledge levels, there is a need for a Cyberwarfare COCOM on the National Security Council to drive this (with JCS and STRATCOM) within the DoD (and DISA). But there is also a need for a separate CSIA expert to report directly to the President of the USA until this Cyberwarfare, Cybersecurity, Cyberintelligence and CyberInformation Assurance initiative is properly implemented. The CSIA expert should be a civilian who can also make sure that these 4 Cyber areas are implemented in the Federal Systems and in the Private Sector under the National Infrastructure Protection Plan (NIPP) (in Peacetime). The DoD or the ODNI can not be the public or probably the Federal Sectors implementers, but the NSA can be the pivot in the framework able to swing between the ODNI, DOD, Federal Sectors (DHS, DoJ (CNCI) and the rest of the Federal Depts) and then also be in the private sector. Although Admiral Dennis Blair is an expert in SE Asia, he seems to have a very, very strong understanding of the true needs to not only implement but also make a Cyberwarfare, CyberIntelligence, CyberSecurity and Cyber Information Assurance system function. Bravo, that there is someone in this key position that really “Does Get It”.

I believe that while this dispute of DoD, NSA, DHS cyberauthority is going on, millions of documents are flowing out of the country due to compromised computers and networks and massive damage to the US economy continues.

One place to start is to build a US Cyberborder, not a great firewall but a cyberborder.

A possible US Cyberborder would need to do a few things very well:

1) It would need to let terabits of all types of IP traffic flow freely both ways at line rate speeds.

2) It would need to protect US public and private networks from overseas based DoS, Worm, and Botnet attacks…the major significant common benefit.

3) It would need to maintain US privacy standards on all data flows with FISA exceptions.

4) It would need to provide netflow traffic visibility to the recipients (NSA, DoD, DHS and the private carrier) via a quad mirror view of the flow data…meaning a SNMP view of the realtime netflows (not detailed DPI where privacy concerns would be a factor) of percentages of P2P traffic, percentages of http, of voip, ftp, etc. The private carrier would only get a view of data from the devices on their submarine cable connections, not that of other providers. DHS, NSA and DoD would each build unique national views of that same data with mission enhancement overlays so that privacy of data is maintained, FISA exceptions are allowed and escalations of DoS threats arriving inbound via multiple providers networks against public and private networks are seen proactively and defended successfully.

5) It could provide a layer 3 screen for network islands of trust (AKA Internet Commons) internal to the national perimeter so that the national islands of trust would be unreachable to outside attackers via short IPv6 inbound ACLs.

6) There would need to be two different Cyberborder architecture designs:
The carrier Cyberborder architecture would have to support MPLS. The other Cyberborder architecture would be a private network Cyberborder architecture without MPLS. The carrier architecture would use the carrier’s routers for Layer 3 ACLs, and the private architecture could use a device that combines the IP flow management with the Layer 3 filters. Both designs would have Anagran devices for Layer 2 line rate netflow visibility. Customization of each design for specific networks would have to be possible.

7) Individual network elements that combine to form the national Cyberborder would have almost zero maintenance requirements on the networks (99.999%, five nines, uptime).

8) A Cyberborder network architecture would always be positioned to accommodate increasing international traffic volume so the individual cyberborder elements scale equally with the carrier’s or private network’s bandwidth requirements.

9) A DHS Cyberborder Network Operations Center (NOC) would require a national out-of-band low latency WAN architecture to backhaul the border flow visibility data and communicate out-of-band with the border flow devices. The WAN would have to be created using multiple providers (preferably with dark fiber), be physically diverse, and separated from all of the Cyberborder submarine cables and terrestrial links and their traffic. Rapid revisions to mitigate hostile network flows in the event of attack(s) would be deployed via the Cyberborder WAN.

10) The US cyberborder should also function as an early warning alert system for rising threats in a major cyberattack against critical US infrastructure from nation states, cybercriminals, and cyberterrorists.

This subset of ideas for the design of a border architecture is spun out from a paper I’ve been working on called “A Logical Framework for a United States Internet Commons Architecture”.
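Item 4 of the comment above describes flow-level visibility without DPI: each carrier sees the protocol mix only on its own links, while the national recipients aggregate across providers to spot inbound surges arriving over several networks at once. The following is an added illustration of that split (my own code, not from the commenter's paper or any real border system); the flow records, carrier and link names, and the surge threshold are constructed for the example.

```python
"""Flow-summary views for the cyber-border concept in item 4 above.

Added example, not from the original post. Models per-link protocol mix
from flow records (no payload inspection), a carrier view limited to that
carrier's own links, and a national view that flags inbound byte surges
seen on several providers at the same time.
"""
from collections import defaultdict

# Constructed flow records: (ingress_link, carrier, direction, app, bytes).
# "app" is the coarse label a flow collector derives from port/protocol.
FLOWS = [
    ("cable-A1", "CarrierA", "in",  "http", 4000),
    ("cable-A1", "CarrierA", "in",  "p2p",  1000),
    ("cable-A1", "CarrierA", "out", "http", 2000),
    ("cable-B1", "CarrierB", "in",  "http", 3000),
    ("cable-B1", "CarrierB", "in",  "voip", 1000),
    ("cable-B1", "CarrierB", "out", "ftp",  500),
]


def protocol_mix(flows, links=None):
    """Percent of bytes per app label over the selected links (None = all)."""
    totals = defaultdict(int)
    for link, _carrier, _direction, app, nbytes in flows:
        if links is None or link in links:
            totals[app] += nbytes
    total = sum(totals.values()) or 1
    return {app: round(100.0 * b / total, 1) for app, b in totals.items()}


def carrier_view(flows, carrier):
    """A carrier only sees the mix on its own submarine/terrestrial links."""
    own_links = {link for link, c, *_ in flows if c == carrier}
    return protocol_mix(flows, own_links)


def inbound_surge(flows, baseline_bytes, factor=2.0, min_providers=2):
    """National view: return carriers whose inbound bytes exceed
    factor x baseline, but only when at least min_providers are hot at
    once (the multi-provider DoS pattern the comment wants seen early)."""
    per_carrier = defaultdict(int)
    for _link, carrier, direction, _app, nbytes in flows:
        if direction == "in":
            per_carrier[carrier] += nbytes
    hot = sorted(c for c, b in per_carrier.items()
                 if b > factor * baseline_bytes.get(c, 0))
    return hot if len(hot) >= min_providers else []
```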
