Thursday, September 29, 2016

Pentagon’s 5,000-Strong Cyber Force Passes Key Operational Step

[ed. See also: Security Experts Agree: The NSA Was Hacked]

A 5,000-person Pentagon force created to bolster military computer networks and initiate cyber attacks against terror groups should be ready to carry out its mission by the end of the week, a key step in improving the U.S.’s ability to respond to hacks by overseas adversaries.

The Cyber Mission Force will reach "initial operational capability” by Friday, said Colonel Daniel J.W. King, a Cyber Command spokesman, in an e-mail. The group’s 133 teams have met basic criteria on personnel, training, resources and equipment, but all of them aren’t necessarily ready to launch attacks, he said.

The force, which falls under the U.S. Cyber Command created in 2009, likely will focus on the highest priorities, such as risks from Russia, China, Iran and terrorist groups including Islamic State, according to Bob Stasio, a fellow at the Truman National Security Project and former chief of operations at the National Security Agency’s Cyber Operations Center.

Until the force becomes fully operational, which is planned in 2018, the question officials directing it will ask first will be, “What’s the minimum operation I need against the biggest threats that I have today -- the closest alligators to the boat," Stasio said.

Previously, cyber operations were scattered in silos across Cyber Command, the NSA and other military branches, according to Stasio. The new centralized force will help cut through the bureaucracy, he added. Officials plan to expand the force by another 1,200 people as part of the process of becoming fully combat ready.

"We continue to generate the mission force," Admiral Michael Rogers, who heads Cyber Command and the NSA, said in a Sept. 13 speech in Washington. "At the same time, we got to tell ourselves we are not where we need to be in this mission."

The operational capability designation means the Pentagon has better streamlined cyber activities across its bureaucracy, but analysts say it doesn’t necessarily reflect greater security chops as defense officials try to keep up with fast-evolving technology and threats.

"What it means is we have the people, the tools, we’ve practiced and we’re ready," said Mark Young, chief security officer and senior vice president at IronNet Cybersecurity Inc. and a former senior executive at Cyber Command. (...)

Setting up the force is also a sign that cyber is more "baked into" the military’s overall strategy, while providing defense officials a grasp of how much it needs to spend on cybersecurity, said Dave Aitel, chief executive officer of Immunity Inc. and a former NSA computer scientist. In its 2017 information technology budget, the Defense Department requested $6.8 billion for cyber operations. (...)

"You have to kind of look at it as if you’re building a whole new Navy, that’s a very expensive operation," Aitel said. "It gives them better buckets to throw money into and know where that money is going."

by Nafeesa Syeed, Bloomberg |  Read more:
Image: Simon Dawson/Bloomberg