Web Page sponsored by Airbus Defence and Space
12 Jun 14. Teamwork, balancing between opportunity and risk, and transparency of intent are the keys to U.S. efforts in the cyber domain, the acting deputy assistant secretary of defense for cyber policy said.
Speaking at a forum hosted by the Association of the United States Army’s Institute of Land Warfare, Army Maj. Gen. John A. Davis discussed dynamics and trends he has seen driving Defense Department cyber policy, strategy and authority while working over the last six years in senior cyber-related positions. The first driver of cyber policy has been teamwork and partnerships, the general said. “We say cyber is a team sport a lot,” he said. “I can tell you from my perspective: Don’t underestimate that or think that it’s a cliche. It is not.” Many public and private organizations have individual roles and responsibilities that are critical in the area of cyber, Davis said. “There’s no doubt everybody’s got a part to play,” he added. “But there’s no single organization — public or private — that has sufficient expertise, talent, resources, capabilities, authorities or capacity to act or be successful in isolation.” From the perspective he has gained in the office of the undersecretary of defense for policy, the general said, he views these partnerships on four levels, which he referred to as “the four I’s.” The first is internal, he said — things an organization needs to do within itself to be an effective member of a broader team. The second is interagency, he said, which means a federal whole-of-government approach. The third, industry is the public-private partnership that’s required to be effective. The final “I,” Davis said, stands for international. The implications of these concepts, the general said, are related to the Defense Department as a member of an interagency team, and its role and responsibility in cyberspace with other elements of the federal government. After a cross-government cyber exercise, the general said, the three main organizations that formed the basis of the federal cybersecurity operations team — the FBI, the Department of Homeland Security and the Defense Department — spent the next year outlining their roles and how they related to each other. This was done, he added, to provide for effective preparation, response, prevention, mitigation and recovery, from a major cyberattack with the organizations working together as an effective team. Davis also said President Barack Obama’s cyber policy is “an articulation of a very clear role for the DOD in defending the nation in cyberspace. That’s very important for us as a member of a broader team.” The second driver, balancing opportunity and risk, refers to growing reliance on information technology environment standing in stark contrast to that environment’s security. “It’s because technology and technological development … have historically focused more on opportunity,” he explained. “We always chase technology, and security’s always behind and trying to keep up.” The balance is changing, Davis said, but at a slow pace. The Defense Department and the intelligence community have been ringing the bell to alert the public and private sectors of a growing threat to critical infrastructure and key resources, not only in the United States, but also worldwide.
“There’s a risk of the proliferation of cyber weapons, and with it, the increasing potential for instability and mistakes,” Davis said. He added that he is most worried about the risk of unintended consequences.
“There’s been a lot of blurring of the lines recently between state and nonstate activity,” the general said. “There’s been an extreme lack of transparency in the ability to gauge intentions. There’s been a lot of reckless behavior that we’ve seen, and we don’t understand the intentions behind it.” This uncertainty, Davis said, could lead to th