Defense secretary creates cyberspace commandDefense Secretary Robert Gates on Tuesday ordered the establishment of a U.S. Cyber Command to protect military networks and organize digital security efforts underway at the Pentagon.
The command also is charged with "synchronizing warfighting effects across the global security environment, as well as providing support to civil authorities and international partners," according to a memo issued Tuesday by Gates to senior military officials.
Gates said he intends to recommend to President Obama that the new command be led by the current director of the National Security Agency (NSA), U.S. Army Lt. Gen. Keith Alexander. If he takes on the new role, Alexander will be given the rank of general. The center, to be based in Fort Meade, Md., is expected to open in October and be fully operational one year later.
Alan Paller, director of research at SANS Institute, which provides computer security training, told SCMagazineUS.com in an email late Tuesday night that the creation of the cybercommand will help streamline the Pentagon's offensive and defensive cybercapabilities.
He added that the command will enable interoperability and real-time information sharing among military branches.
Andy Purdy, an IT consultant and former acting director at Department of Homeland Security's National Cyber Security Division, told SCMagazineUS.com on Wednesday that he thinks the command will complement Obama's decision to create a White House office to direct cybersecurity initiatives.
"It demonstrates a commitment to coordinate across the military space, and creates a strong partner for the White House cyber coordinator," Purdy said.
Howard Schmidt, CEO of R&H Consulting, CEO of the nonprofit Information Security Forum, and a former White House adviser on cybersecurity, told SCMagazineUS.com on Wednesday that no single government agency can take on the entire burden of protecting the country from cyberattacks.
"There needs to be tremendous coordination between those who have operational capabilities and those with defensive capabilities," he said.
The arguments over whether the Defense Department (DoD), the NSA or the Department of Homeland Security (DHS) should have ultimate control of the nation's cyber networks has been a matter of debate for some time.
In April, during his keynote presentation at the RSA Conference in San Francisco, Alexander sought to dispel rumors that the NSA wants to be in charge of cybersecurity in the United States. His talk came just weeks after the abrupt resignation of Rod Beckstrom, director of the National Cyber Security Center within the DHS, who cited the NSA having too much control over the protection of domestic networks as his reason for leaving.
In the long run, there is little doubt that the formation of a unified cybercommand will improve the security of the nation and our allies because it is necessary for establishing a strategic vision, operational planning and leadership of cyber defense and information operations, Mark Cohn, vice president of enterprise security at Unisys, a worldwide information technology company, told SCMagazineUS.com in an email on Wednesday.
However, in the short run, he said there may be some damage to existing public-private partnerships as relationships are revised and responsibilities shift. "We do not yet know all aspects of the policy environment and the civilian leadership that will emerge. Some are untrusting of a larger military role in the cybersecurity arena, particularly by an agency rooted in the intelligence community."
The public-private partnership depends on a capable and deep Department of Homeland Security to fully support the security of civilian agency networks and systems as well as privately-owned critical infrastructures, Cohn said. "The DoD USCYBERCOM role will be to provide assistance but not to drive this process, except perhaps as the party of last resort during an emergency," he said.
Paller is wary about this aspect of the proposal as well. He said a downside was the possibility that the cybercommand will "so militarize" the Information Assurance division of the NSA, which is part of the DoD, that it will not realize its promise as a catalyst for private-public partnerships.