Cyber commanders reflect on lessons learned from the pandemic.
the cyberwire logoJust Now

The US military has been engaged in cyber conflict throughout the pandemic. Senior officers gathered yesterday at the DoD Cyber Commanders Summit, Sponsored by Palo Alto Networks, to discuss "Lessons Learned from a Global Pandemic." They shared both lessons learned and suggestions for improvement. Remote work capabilities and the government's senior cybersecurity leadership team are big successes for US Cyber Command. Training, competition, and industry partnerships still need attention.

Cyber commanders reflect on lessons learned from the pandemic.

During a panel discussion at the Joint Service Academy Cybersecurity Conference, retired Vice Admiral TJ White moderated five senior military officers who discussed their lessons learned and strategies in fighting cyberwar during the global pandemic. Remote work capabilities and the government's senior cybersecurity leadership team are big successes for US Cyber Command. Training, competition, and industry partnerships still need attention. 

Towards a remote cyber force.

In adjusting to the new normal of a global pandemic, Cyber Command learned to adopt effective remote work practices. A particular challenge for classified operations, creating virtual work capabilities was not an easy lift. Lieutenant General Moore, Deputy Commander of US Cyber Command, celebrated the speedy adoption of the Commercial Virtual Remote (CVR) system that enabled key cyber forces to communicate and work from home. Championed by the Defense Information Systems Agency (DISA), this capability was apparently adopted within weeks of the international health crisis in March, 2020. Lieutenant General Bob Skinner, DISA Director, credited the public-private partnership between DISA, the Cloud Capability Program Office, and Microsoft with transforming the majority of Cyber Command’s daily coordination and communication needs onto that platform.

The sheer scale of the remote work challenge was not to be underestimated. The Air Force “increased from 7,000 to 300,000 remote workers in a couple of weeks,” observed Lieutenant General Tim Haugh, Commander of Air Forces Cyber Command. Meanwhile, Army Cyber had to contend with servicing 1.1 million soldiers and civilians at 288 duty stations around the world on any given day. 

The key to their success in enabling remote work was attributed to the foresight of General Nakasone, Commander of Cyber Command and Director of the NSA, and his leadership team. Lieutenant General Fogarty noted that at a commander’s conference early in 2020 before the international health emergency was declared, General Nakasone directed the various cyber commanders to prepare for what he saw as an imminent crisis on the horizon. Because the majority of Cyber Command’s mission is to operate and defend the numerous networks and digital systems within the DOD, the service commanders expected the workload to grow much larger as the remote systems came online. CVR enabled ease of use for those who did not have government-furnished equipment, and new VPNs implemented by DISA accelerated migration to remote work even for some sensitive mission areas.

Remote training still a challenge.

One issue that was not solved so quickly and still plagues the cyber force is their ability to conduct remote learning and training activities. Lieutenant General Fogarty identified remote training as one of their biggest remaining challenges. With no ability to run distributed classified training, cyber operators and analysts lagged behind in their education and development. Although Cyber Command has invested heavily in the Persistent Cyber Training Environment and the Joint Cyber Warfighting Architecture, it seems that no remote training tools are integrated with those capabilities. One wonders if the cyber forces were allowed to leverage existing training and education tools such as SANS courseware or Offensive Security’s training environments in order to maintain proficiency.

Adversity is opportunity for the adversary.

An observation made by each panelist is the persistent and notable cyberspace and information warfare threat posed by China and Russia. Rear Admiral Mike Ryan, Commander of Coast Guard Cyber Command, was quick to note that the US domestic landscape is at continual risk of disruption and attack, and that he observed a significant uptick in adversary activity during the pandemic. He went on to celebrate the efforts of the Cybersecurity and Infrastructure Security Agency (CISA) as the “maestro across the critical infrastructure sectors.” 

In response, the panelists expressed confidence in the current US cybersecurity team. Lieutenant General Haugh specifically mentioned the combined expertise of Jen Easterly (CISA Director), Anne Neuberger (Deputy National Security Advisor for Cyber and Emerging Technology), Chris Inglis (National Cyber Director), Alejandro Mayorkas (Secretary of Homeland Security), Rob Joyce (NSA Director of Cybersecurity), the FBI’s cybersecurity leadership, and General Nakasone as forming an “incredible top class team.” With new partnerships across the interagency, better coordination of priorities, new information and intelligence sharing mechanisms, and improved communication, apparently the Cyber A-Team has entered the building. 

However, little was said about any ongoing efforts to deter recent cyber operations against critical US infrastructure, including last week’s ransomware of major farming cooperatives in the Midwest. Lieutenant General Moore attributed some of their current shortcomings to the concept of Great Power Competition itself. “The DOD is comfortable with crisis and conflict,” he observed, “but less so with the competition phase.” While policies, authorities, and actions are in place to respond (and have been since 2018 when NSA’s “Russia Small Group” met with success countering foreign interference in US midterm elections), the joint cyber force is still learning how to compete with foreign actors in the “grey zone below the level of armed conflict.”

How industry can help.

The panel culminated with a probing question from an audience member. “How can industry best help you commanders?” Lieutenant General Fogarty admitted that the joint cyber forces still have “too much man in the loop” and need better automation capabilities across data analytics, detection, and response. He specifically called for ways to quickly understand threats in real-time and automate responses to adversary activities.

On the defensive side, Rear Admiral Ryan asked industry to help maritime ports and other critical and aging infrastructure with better security capabilities. Lieutenant General Haugh applied the same thought to legacy military infrastructure and technology, asking industry to help sense, analyze, and defend components in older military infrastructure and weapons systems.

Adopting a different tack, Lieutenant General Fogarty amplified the need to improve trust, collaboration, and transparency between the government, commercial partners, and academia. While US “adversaries and competitors are persistent, capable, and agile,” he noted, “they aren’t 50 feet tall.” Fogarty is confident in the strength of US “organizations, people, and will” to contest and win in cyberspace. However, the “ability to conduct operations is based on the speed of trust,” and the US needs the “interagency, academia, [and] commercial partners all working together to deny the adversary the advantage.”