You are the commander of Strategic Command, charged with coming up with an implementation plan for the new cyber command within 60 days. But there’s going to be a new head of cyber command, a four-star just like you, and Lt. Gen. Keith Alexander has the Big Mo on his side. And Alexander is known as an almost crazily foxy guy who has rebuilt the NSA and will be largely dependent on folks from NSA for most of his capabilities. Air Force Gen. Kevin Chilton is known as one of the brainiest generals around. Hmmm. Who’s going to win this bureaucratic game will be great fun to watch.
For some idea of just what may lie ahead, have a look at this April 7 speech by Chilton, which has been quoted by the two cyber warriors with whom I speak. This is not about improving the country’s IT capabilities in terms of efficiency and information sharing. This is about life and death on the battlefield.
“It’s not a convenience any more, it’s a dependency. We need to recognize that we need this domain and we need these systems to conduct our fight today and tomorrow. We need to recognize that we can fight in this domain just as an air-to-air fighter can fight in the air domain; and we can fight through this domain and affect other domains just as an airplane can drop a bomb on a land domain and create affects across a domain. And as commanders we must appreciate the vulnerability of this domain, not just its importance. We have to transition from a culture of convenience to a culture of responsibility. We must recognize vulnerability — the vulnerability that one system can create here on the other side of the world, not just locally,” Chilton said. For more on this, have a look at Kevin Coleman’s piece below from Defense Tech.
Last week Defense Secretary Robert Gates ordered U.S. Strategic Command (StratCom) to deliver a plan to stand-up a new command to oversee information technology security and attack – what would be known as “Cyber Command.” This is in addition to President Obama’s announcement last month that he will establish a new cyber security office at the White House. The historic event took place on Tuesday, June 22nd.
As one could imagine, this is no small task. StratCom has just a little over sixty days to accomplish this mission. The plan to create this new entity operating within the Department of Defense and lead by a 4-star general is due to the Defense Secretary by September 1st. According to Gates’ timeline, Cyber Command is expected to be up and operational by October 1, 2009, and fully functional one year later. An internal memo from Gates to senior Pentagon officials stated that he intends to recommend that Lt. Gen. Keith Alexander, the current director of the National Security Agency, take on the role as commander of the Cyber Command with the rank of a four-star general.
What this will actually cost is anyone’s guess. Current thinking is that the budget to just establish the new command through year’s end could reach as high as $200 million. Longer term, the cost of cyber intelligence, defense and offensive capabilities are estimated to be around $55 billion annually. This will create our offensive cyber forces and capabilities and defend the over 100,000 DoD Networks and 5 million DoD computers against cyber attack. One might say it is just a drop in the bucket of a 2009 DoD budget that topped $515 billion.
The United States is not the only country making this move. The UK defense ministry announced plans to establish an office of cyber attack and defense but gave no hard date when it would be operational. Britain’s GCHQ (Government Communications Headquarters, their equivalent of the NSA) seems to be well underway in fully developing their cyber capabilities. In addition, the defense ministry of South Korea has also announced plans to establish a cyber command by 2012.
Internal cooperation is critical for cyber incident investigations and event attribution. As more and more countries establish a focal point for cyber defense, the greater the opportunity to conduct these investigations and accurately identify those behind cyber attacks.