Cyber is Major Symposium Subject

Cyberspace was a major topic at the 26th National Space Symposium with two major program elements. The new Cyber 1.0 event had a strong debut, with more than 500 attendees deeply engaged in a program that explored the realm of cyberspace, and its impact on military operations and civilian life, national security, commerce, and communications. Then, on the main agenda, the Intersection of Space and Cyber Panel explored the topic for the full Symposium audience.

Kehler Kicks Off the Cyber 1.0 Program
Air Force Space Command Commander Gen. C. Robert Kehler, USAF, kicked off the Cyber 1.0 program, which was moderated by Joshua Harris, principle, Toffler Associates.

Kehler explained Air Force Space Command’s newly acquired responsibility for cyberspace, saying, “Something happens at the intersection of space and cyberspace and we need to recognize the advantages of having these two items in the same command.”

Kehler said that the 24th Air Force was created as an operational entity with a focus on cyberspace and that the 24th Air Force commander is also the commander of the Air Force network. He outlined several objectives for cyberspace:

• Speeding up the acquisition process using a tiered process and possibly putting acquisition authority at the unit level
• Focusing on mission assurance rather than attempting to defend the entire network
• Including cyber defense blocks in basic training so that “every airman will be a cyber airman”

Kehler said that, although cyberspace is a new responsibility, Air Force Space Command is “ready to be ready,” adding that there is a lot of room for discovery: “USAF has postured itself very well for the future.”

Pulham Defines Cyberspace
Space Foundation Chief Executive Officer Elliot Pulham followed Kehler, discussing the definition of cyberspace, saying that the Air Force has three domains, “air – mach speed; space – escape velocities; and cyber – the speed of light.”

Cyber 1.0 Keynoter McConnell Discusses Risk
“The nation is at significant strategic risk,” according to the Honorable John M. “Mike” McConnell, USN (Retired), executive vice president, Booz Allen Hamilton, and former director of national intelligence.

In his keynote remarks, McConnell explained that the threat is broader than passive data gathering. He said his concern is active attacks upon U.S. strategic interests; for example, attacks on the infrastructure of banks or insurance companies,

One of the issues of protecting strategic assets, according to McConnell, is creating an integrated solution: “NSA is allowed to exploit, DoD is in charge of attack, DHS is in charge of protecting the nation, but, in cyber, these activities are very closely related.”

The biggest issue is not nation states, which can be naturally deterred, McConnell said, but extremists who want to destroy the system. “A terrorist attack on a bank could have a greater order of magnitude economic impact than the 9-11 attacks.

“We have a threat that is of strategic importance to the nation and we need to think about how to support government, commercial, and private industry.”

He said that exploitation is the enabling capability and that the U.S. needs to build on this capability: “exploit, attack, and defense are all important.”

McAfee Exec Provides Advice
Michael Gallagher, chief technology officer of global threat intelligence for McAfee, Inc., spoke about “The Cyber Reality,” saying that more than 20 countries are armed for pro-active cyber-warfare and that, in 2009, McAfee identified more malware than in every year prior combined. But, he added, arrest and prosecution “appear to be non-existent.”

Gallagher explained the evolution of threat detection:

• First – react using signature-based defenses
• Second – create real-time updates reacting to queries
• Third – predict threats

He provided advice to the audience:

• Understand how the threat detection for security products is being created and delivered
• Ask security vendors about the global threat intelligence principles
• Have plans in place and tested to thwart attacks before they occur

Panel Looks at Military Responsibilities
The AFSPACE and Cyber – 24th Air Force, the Guard and Reserve panel, moderated by Brig. Gen. Robert D. Rego, USAFR, mobilization assistant to the director of Air, Space and Cyberspace Operations, Air Force Space Command, included:

• Col. Theresa Giorlando, USAF, commander, 689th Combat Communications Wing
• Maj. Gen. Emil Lassen, USANG, Air National Guard assistant to the commander, Air Force Space Command
• Col. B. J. Shwedo, commander, 67th Network Wing
• Col. Robert J. Skinner, USAF, Commander, 688th Information Operations Wing

Key points from the panelists included:

• Cyberspace is a critical global domain and the only man-made operational domain
• It is important to integrate common mission areas conducted across domains, and focus on mission assurance rather than network assurance
• The 24th Air Force’s mission is to extend, operate, and defend the Air Force portion of the DoD network and to provide full spectrum capabilities for the joint warfighter commands in, through, and from cyberspace; initial focus will include building cyber situational awareness, creating mission assurance paradigm, growing capacity, and more
• The 9,100 highly trained and skilled cyber professionals in the international guard serve as a force multiplier
• The 67th Network Wing conducts the full range of network warfare – full spectrum ops (use), net defense (control), and network operations (establish)
• The net-defense way ahead involves integrated and active network defense, prediction and prevention based on actionable intelligence
• 688th Information Operations Wing has 24-hour-a-day 365-day-a-year presence around the world; last year’s 130 “real-time” capabilities – the 688th’s focus area – is about three times more than the year before
• The way ahead will focus on mission assurance, holistic assessments, predictive behavior, influence operations, and cyber integration
• Combat communications will double the number of airmen out the door because of bare base needs

Butler Calls For Cooperation
Robert J. Butler, deputy assistant secretary of defense for cyber and space policy, featured speaker at the Cyber 1.0 luncheon, said the DoD is in the process of developing the Cyber 3.0 strategy, adding that the DoD needs the help of partners to solve problems.

“Cyberspace is a domain, and we’re in it together sharing value and risk,” he said, adding that we must, “make efforts to work together on collective security, financial transactions, supply chain, power, transportation, and so forth.”

He said it is important to understand how the threat has scaled, constantly revealing new problems, such as UAV links being intercepted and medical records being stolen.

Butler said partnerships are important to the future – interagency, international, and commercial, adding that the DoD is building relationships with the intelligence community, the Department of Homeland Security, and the private sector to share value and share risk, including working with groups such as Facebook on how to project values.

Sears Talks About NSTAC
Intelsat General President Kay Sears, who serves as the co-chair of President’s National Security Telecommunications Advisory Committee (NSTAC), spoke about NSTAC’s role of keeping the President informed about satellite security and cyber.

Sears said that NSTAC’s goal is to strengthen national and cyber security: “Public-private information sharing requires building trust, increasing transparency, providing structure and standards, and leading by example.” The latest NSTAC report is available on the NCS website.

Panel Addresses Cyber Acquisition
The Cyber Acquisition at the Speed of Need panel, moderated by Rick Sanford, president, SpaceGroundAmalgam, LLC, featured:

• Lt. Gen. Ted F. Bowlds, USAF, commander, Electronic Systems Center
• Brig. Gen. James E. “Woody” Haywood, USAF, director of requirements, Headquarters Air Force Space Command

Key panel comments include:

• There have been a number of notable cyber attacks in the past ten years
• “Speed of need” requires infrastructure, prioritization by customer, adequate level of funding, and supportability/sustainability
• Cyber challenges include mission assurance vs. network protection, identifying the most important data, and training
• Space and cyberspace capabilities shape the way we fight – we have a tremendous dependence on these capabilities
• Cyberspace superiority includes cyberspace support, cyberspace defense, and cyberspace force application

The panel discussed defending a budget with only six months visibility into future requirements, concluding that scrambling for money can cause missed opportunity and that lessons learned from other acquisitions processes must be incorporated.

Intersection of Space and Cyber Panel
Following on the full-day Cyber 1.0 session, the 26th National Space Symposium featured a panel on The Intersection of Space and Cyber.

Moderated by Ambassador Roger G. Harrison, Ph.D., director of the Eisenhower Center for Space and Defense Studies at the United States Air Force Academy, the panel featured:

• Robert J. Butler and Lt. Gen. Larry D. James, who both also spoke at Cyber 1.0
• Maj. Gen. Richard Webber, USAF, commander, 24th Air Force

Asked about the mutually reinforcing characteristics of cyber and space, Butler said both cyber and space are contested, global domains on which people are dependent for security and prosperity.

James elaborated, “It’s about the mission; supporting people in the field. Networks allow us to get our missions done; understanding those networks is a key intersection of space and cyber.

Saying that we are doing a lot for situational awareness, but still have a long way to go, James said, “We talk about a space protection program, but we need both space and cyber protection programs,” explaining that any attack on space assets is likely going to come from cyber. “We need to be able to detect cyber attack as a possible precursor to further attacks.”

Webber said that the essence of the American way of war is information and that information is why we’ve been able to reduce collateral damage. “If I try to defend everywhere, I defend nowhere.”

Webber also said that the cyber industry is pushing the development of technology and how technology is used, citing how Google acted in accordance with true values, not just bottom line, in issues with China.

Butler said that the Google incident demonstrated the intersection between commercial concerns and government concerns, adding “The Google event was a catalyst for thinking about how we can enable different types of relationships to move much more quickly.”

When asked about the inability to attribute the source of cyber attacks, James said we must understand adversary intent and capability and Webber acknowledged that this is “probably the number one challenge in the cyber domain.”

When asked why the U.S. isn’t more aggressive in face of attacks, Butler said we are moving towards a more dynamic defense posture.

Webber explained that the defensive side is the logical place to start and that, now, we need to start thinking about this problem as “defense in depth,” adding, “Looking at this with an operational perspective, perhaps there is a deterrent aspect. I have a lot of authority to kick bad guys off my network, but it is not clear if I have the right of hot pursuit.”

When Harrison asked about funding and budget, James said, “We are recapitalizing our entire fleet. There are tough budget times across the government, but the capabilities we are bringing continue to serve us well.

“Both space and cyber are essential to the way we fight,” said James. “We need to be adequately funded, and this has been done.”

  Pictured: the Honorable John M. “Mike” McConnell, USN (Retired)

 

This article is part of Space Watch: May 2010 (Volume: 9, Issue: 5).