U.S. Cyber Command wants DISA to take greater role in DoD cyber defense

Thursday - 5/29/2014, 3:46am EDT

Jared Serbu

Download mp3

U.S. Cyber Command is in talks with the Defense Information Systems Agency to give DISA more day-to-day responsibilities for defending DoD networks from cyber threats.

The precise division of labor between the two DoD organizations is a long way from being sorted out, but Adm. Michael Rogers, who took over as commander of U.S. Cyber Command two months ago, said his preferred approach would involve the creation of a Joint Force Headquarters at DISA. The organization would absorb a significant amount of DoD's workload with regard to defensive cyber operations and would play a supporting role to U.S. CYBERCOM.

"As the new guy at U.S. Cyber Command, one of the things I've been asking is what we should be doing or not doing as a subunified command," he said. "We can't do everything, and one of the conclusions I've come to is that if CYBERCOM is going to be intimately focused on the tactical-level details of how we're going to defend the network every day, we're not going to get much else done. That's when I said, 'DISA can really help here.'"

Rogers, addressing a Washington cybersecurity summit organized by AFCEA's Washington, D.C. chapter Wednesday, said he believes the cybersecurity construct would make sense given the greater responsibility for department-wide IT DISA has already signed up for under DoD's still-evolving Joint Information Environment.

As JIE takes shape, DISA already has pivoted from its historical role of connecting military service-centric IT systems to one another, and instead, building and operating enterprise IT systems that each military service will share, such as core data centers, email and collaboration platforms and centrally- managed mobility services.

"We've got to give DISA the ability to create a command and control node that can coordinate with others to defend the DoD Information Network (DoDIN), and as we bring JIE online and start to operate a truly integrated, global network that's not so oriented around the individual military services, DISA's role gets to be even bigger," he said. "The military services have had some role up until now in securing four different global backbones, and my attitude is that this is an important role for DISA, and the services need to optimize themselves so that they only operate the last tactical mile and plug into it."

Exploring the idea of JIE

The idea of a joint force headquarters got a brief mention in the updated strategic plan DISA released earlier this month, but the agency has been actively exploring the idea since at least last fall, when it published a sources sought notice that attempted to identify vendors who could help develop operational concepts for the headquarters. In it, officials said they wanted to create an implementation plan that would align a theoretical DISA task force with cyber activities at CYBERCOM and U.S. Strategic Command.

Rogers said starting up the task force would require at least a slight realignment in the way DISA currently organizes itself and allocates its resources.

"DISA is largely an acquisition and engineering organization," he said. "For DISA to do what it needs to do in order to help us operate and defend the networks, some portion of DISA needs to become an operational entity that's focused on how we maneuver and defend the network."

Rogers said delegating some level of "tactical" cyber defense to DISA would let CYBERCOM focus on what he views as the appropriate niche for his organization: the "strategic" level of cyber warfare.

To that end, DoD is attempting to build a cadre of 6,000 cyber operators between now and 2016, divided into three types of teams:

  • One focused on defending U.S. civilian critical infrastructure;
  • One devoted to defending Defense networks;
  • One that will handle offensive cyber operations when CYBERCOM or combatant commanders around the world decide they need to use cyber weapons against adversaries.

Taking ownership over standard-setting

CYBERCOM is overseeing the construction of the teams and has dictated that personnel from each military service should be trained to a single set of standards so that Army, Navy, Air Force, Marine Corps and Coast Guard personnel can interoperate seamlessly, Rogers said. At the same time, he seemed to walk away from the responsibility for creating those standards and did not specify who would perform the standard-setting function if CYBERCOM would not.

"I am the operational commander. I'm not the standards guy, I'm not the architecture guy," he said.

Rogers did make clear that he believes the longer-term task of developing cyber warriors in a sustainable fashion is a job best left to the military services, and not one that should be subsumed into CYBERCOM.