Cyber is the ultimate team sport, and it will take true partnerships between defense and industry to protect the nation’s information systems, the commander of U.S. Cyber Command told an audience at the U.S. Chamber of Commerce.
“There’s no one single group or entity that has all the answers, nor is there one single group or entity capable of executing the solutions that we need to do,” Navy Adm. William S. Rogers said.
But, Rogers noted, it’s up to leaders in defense and the private to drive the cultural changes that will allow these partnerships to thrive.
“When you don’t have leadership buy-in, you are fighting with one hand tied behind your back,” he said.
Cyber blurs line between public, private sectors
to the traditional view puts the private sector in one arena and the government in another, Rogers said, and the whole question of national security as something apart from that. But cyber blurs the line between those three groups, the admiral said.
“The cybersecurity challenges we are facing a nation, I view them as a national security issue for us,” he said. “And how are we as a nation going to address the challenge that is not going to go away?”
The hazards that defense and the public sector face in the cyber realm are serious and long-term, Rogers said.
“Every day there are groups, individuals and nation-states attempting to penetrate our DoD networks, and it’s the same thing we’re seeing in the corporate world,” the admiral noted.
Essential partnerships
Cybercom has three missions: to defend the department’s networks, generate the cyber mission force and provide protection and support in the event of attacks on critical U.S. infrastructure. Accomplishing this third mission won’t be possible without building relationships with the private sector and other federal agencies in advance, the admiral said.
“If there’s one thing you learn in the military, Rogers said, “you do not wait until the day of the crisis to suddenly say to yourself, ‘Boy, I guess we better do some training with each other, or I guess we better understand what our partners needed and what they don’t need, and what’s effective for them and what is not effective.'”
The Defense Department already is working alongside other federal agencies, including the Department of Homeland Security and the Federal Bureau of Investigation, he said.
Rogers also serves as director of the National Security Agency. In that role he oversees infrastructure assurance — that is, not just defending systems, but developing their standards, he said.
“We do it with the federal government, and increasingly we find ourselves called on by our DHS and FBI teammates to provide capability from our cyber expertise to support the private sector,” the admiral said.
Those types of requests are only going to increase, Rogers said.
“You can pick up a newspaper. You can get on your favorite website,” he said. “You can blog on whatever particularly interests you. You can go to whatever media outlet that you find is the best source of your news, and every day you will find something about a major cyber incident. This is not a short-term phenomenon.”
Industry concerns are legitimate
The private sector has real and legitimate concerns about the legal liabilities of partnering with the government, he said.
“We have got to help remove those very legitimate concerns and address them, because in the end what we have got to get to, I believe, is real-time automated machine-to-machine interface,” Rogers said. Before that happens, both sides need to clearly define in advance what information will be shared, he added.
The admiral said he does not want “privacy information” to be part of any information-sharing agreements, because that’s not the focus of cybersecurity.
“What we need to share with each other is … actionable information that you can use that gives you insights into as to what’s the malware you’re going to see,” he