DoD wants common cyber picture

Thursday - 2/24/2011, 7:36am EST

By Meg Beasley
Reporter
Federal News Radio

The U.S. Cyber Command may be operational, but it's lacking a crucial component - situational awareness.

Brig. Gen. John Davis, director of current operations for the Defense Department's Cyber Command, said situational awareness has been his number one challenge from the start.

DoD launched Cyber Command in November. With components in each organization, it is responsible for shielding 15,000 military networks.

Davis spoke Wednesday at a forum of industry leaders during a conference sponsored by the Armed Forces Communication and Electronics Association. He said while situational awareness isn't fully operational, Cyber Command does have some pieces in place and has put a lot of thought into the type of system needed to complete the project.

"In terms of where we're headed, we've outlined some effects-based operational requirements that we think are our near-term priorities," Davis said. "So these are going to drive us. And we always translate it back to our operational requirements to drive where we're headed with situational awareness."

Davis said even though he focuses on Cyber Command-specific requirements, there are common threads between government and private sectors when it comes to cybersecurity concerns and needs.

"We all share the same infrastructure," Davis said. "Ninety percent of what I use to do military missions across DoD rides on the commercial infrastructure. You can't separate this stuff out - it's all interconnected. So there should be a lot of common threads that run throughout what I need as a military commander and what you all are seeing."

When it comes to Cyber Command's priorities, Davis said situational awareness should form the foundation of DoD's Common Operating Picture (COP).

He said it must also incorporate relevant blue, red and white/grey information.

"Blue is our own networks, the DoD networks," Davis explained. "We need to understand our own networks to the point where we really understand what is critical about those networks - knowing what the key cyber terrain is. Because we know we can't defend everything everywhere - money is going to be an issue."

He said the red piece is threats, both current and future, cyber and physical. The white/grey refers to everything outside of DoD's blue space - the commercial and private sector.

"We don't want to just see a good picture inside of our wire," Davis said. "We want to see what's happening outside so that we can understand in real time what's happening and posture ourselves to be able to defeat or mitigate threats that might be coming our way proactively rather than reacting to it after it's already something that's inside for us to deal with."

Data overload?

Davis said DoD must balance that broad informational need with a way to analyze all the data the technology brings back to the military. He said too much data without a way to separate the wheat from the chaff actually makes his job harder.

Davis said it is important to leverage data from all sensors and capabilities, from the boundary of DoD's networks all the way up to the top. But, he said, that is a lot of information, and, again, agencies need a means by which to sort through it.

"It's not enough to just get bombarded with data of different types," Davis said. "Embedded in the architecture has to be the ability to analyze that data so that it is focused on our operational priorities and key terrain."

Davis said Cyber Command is looking for a platform that supports its three lines of operations - directing the operations of the networks, defending networks and leveraging the capabilities to provide offensive options. He said the system must balance the three rather than overly focus on one objective.

Davis said the platform must also support alerts and alarms in a subscriber-fashion. He said it's not good enough for Cyber Command to have situational awareness - the information is almost meaningless if it can't be delivered down the DoD architecture to individual agencies. Davis said with all of these pieces, Cyber Command is working to operate at near real time.

"The threats, both human and mother nature, occur very rapidly in this battle space," Davis said. "Our decision making process has to be enabled by situational awareness so that we can rapidly react and make decisions and prioritize assets and resources and deal with what we see."

Eyes wide open

Davis said another key to achieving situational awareness will be avoiding cyber blinders. He said they need to monitor the cyber and physical battlefields. He said threats emerge from both places, and decisions made in one domain affect the other.