I've got a couple of stories about the standup of the U.S. Cyber Command (USCYBERCOM) in the September issue of DTI, which is now out. The first one--where I explore the staffing challenges of the command--was posted online Friday. Here's a little bit, but you can read the whole thing here.
Since the command has been set up to tackle a new and emerging kind of warfare—one which hasn’t been fully defined—it is critical that Cyber Command breaks out of the rigid historical and structural box that conventional U.S. combatant commands operate in, say several industry experts interviewed by DTI.
Michael Tanji, a security consultant who previously worked with the Defense Intelligence Agency, National Security Agency and National Reconnaissance Office, says the command should strive to “operate in a matrix fashion” and bring in the right staffers regardless of where they sit on the civilian/military divide, or even which service or office they report to, for any given problem. “A pyramid-shaped organization chart, made up of smaller pyramid-shaped organization charts, is not going to work,” he says. “Cyber Command has to deal with offense and defense, and the best way to do that is to have [everyone] work together to understand the adversary mindset and techniques. You’re a much better defender if you know how bad guys exploit software; you’re a much better attacker if you know what defenders can do to stop you from succeeding.”
The notion that this command needs to find a new way of operating is shared by another analyst, Richard Stiennon, who says “it’s not like setting up the Air Force or bringing in John Paul Jones to set up the Navy, where you take some people at the beginning of an industry and have them do it. We’re 10-15 years behind the times and playing catch-up.” Stiennon, chief research analyst at IT-Harvest and an IT security adviser who has worked for the Pentagon and private industry, adds, “Imagine if the Navy decided to get into aircraft carriers today, from scratch,” without having the benefit of decades of developing aircraft and carrier technologies, tactics and procedures in tandem. That, he says, captures the scope of the task ahead. Stiennon says the first priority of the command should be simple: start with the basics. “On Day 1, if [General] Alexander were to pound the table with his fist, it should be to discover and know every network connection and make sure it’s protected. That’s a huge task. It would be expensive, but it’s got to be done.”
Read the whole thing here.