Lynn notes Cyber Command's significance

22 May 2010 | Jim Garamone

Deputy Defense Secretary William J. Lynn III called the establishment of U.S. Cyber Command at Fort Meade, Md., a milestone in the United States being able to conduct full-spectrum operations in a new domain.

Mr. Lynn spoke to reporters in his office May 21 before attending the stand-up of the command. During the ceremony, Army Gen. Keith Alexander, Cyber Command's top officer, pinned on his fourth star and uncased the colors of the new command.

The establishment of the command is the latest in a series of steps that will better protect military networks, Mr. Lynn said, as it combines a confederation of task forces into a formal sub-unified command.

Cyber Command officials will report to U.S. Strategic Command based at Offutt Air Force Base, Neb. Mr. Lynn has led the effort to stand up the command since Defense Secretary Robert M. Gates directed its establishment almost a year ago.

The new command will centralize cyberspace operations. The cyber domain, Mr. Lynn said, is as important as the land, sea, air and space domains to the U.S. military, and protecting military networks is crucial to the Defense Department's success on the battlefield.

The U.S. military is more dependent than any other military on information technology, and that is a major reason why the U.S. military is the best in the world, Mr. Lynn said. The military must be able to protect their computer networks and must ensure freedom of movement in the domain to be able to operate on networks around the world, he added.

"We want to be able to maintain those advantages and protect the military missions, and that is the main mission of Cyber Command;  it is to protect the military networks," the deputy secretary said. "It will have a role, though, in protecting the government's networks and critical infrastructure."

Cyber Command draws existing cyber capabilities and places them under one organizational structure, Mr. Lynn said. And with a four-star general in command, he noted, Cyber Command can deal with the combatant commands on an equal basis.

"It will be the place where the Department of Homeland Security will come to on cybersecurity matters," Mr. Lynn said. "And it will help rationalize the interagency process."

About 1,000 people will work at Cyber Command at Fort Meade, most shifting over from existing task forces. The services will provide their cyber organizations: Army Forces Cyber Command, the 24th Air Force, the 10th Fleet and Marine Forces Cyber Command.

How the command will implement policies remains to be seen, Mr. Lynn said, because cyber capabilities have outpaced policy. However, "substantial progress" has been made in certain areas, he said.

May 21 marks the command's attainment of initial operations capability. Full capability is set for Oct. 1.

"That didn't happen in isolation," Mr. Lynn said.  "We've been training people up, we've had task forces, we've made investments. This is sort of a capping step."

Defense Department officials have made substantial progress in working with defense industries, Mr. Lynn said. Officials wanted to share concerns about the cyber threat and best practices, but there were legitimate concerns about protecting proprietary information.

"I think we've worked through a lot of that," Mr. Lynn said. "We've been able to work with the industry and share information about the threats and show them what we think is coming at them. I think we will be able to build further on that."

Officials also have made progress internationally. Mr. Lynn traveled to Great Britain and Australia to begin that process, and will travel to Canada to continue the outreach. This entails shared warning and shared technologies, and Cyber Command will be part of the outreach, he said.

Mr. Lynn acknowledged that more progress is needed on the many legal issues related to cybersecurity. A U.S. interagency team is looking at the laws of war and the application to the cyber domain. What is an attack in the cyber world? How does a nation respond to an attack? What does sovereignty mean in regard to the Internet?

"We're in the midst of a series of meetings the White House is leading to work through a lot of those legal issues," Mr. Lynn said. "We've made progress organizationally, industrially and internationally, but the legal regime in particular is an area we need to tackle further."

And the threat continues to grow, he said.

"The first thing you say about this threat is that it's asymmetric," Mr. Lynn said. "It doesn't take the resources of a nation state to launch cyber war. Nations still have the best capabilities, but you can do very threatening and damaging things with modest investments.

"Our ability to predict where the threats are coming [from], even in conventional threats, is remarkably poor," he continued. "We didn't see Desert Storm coming. We didn't see the series of events that led to Afghanistan. Foreseeing the threats in cyberspace is harder. With Cyber Command, I think we need to be prepared for the unexpected."