DoD offers more details of how cyber command would work

The Defense Department has not officially announced its new cyber command, but from what Lt. Gen. Keith Alexander tells lawmakers, the new structure is fait accompli.

Alexander, the National Security Agency's director, is rumored to be the head of the new command, which would be a sub-unified organization under U.S. Strategic Command.

"Recently, the commander of StratCom delegated to myself under Net-Warfare the responsibility for directing the defense and operations of the [Global Information Grid] as well as our current operations of Net-Warfare so we have all those missions together so we can put the defense and offense together for the good of the department," Alexander tells the House Armed Services Subcommittee on Terrorism, Unconventional Threats and Capabilities Tuesday at a hearing on DoD cybersecurity. "Now we are looking at the steps…of what we need to put together to ensure our networks are secure and provide us freedom of movement in cyberspace."

Alexander did not go as far to say a command is imminent, but much of what he told lawmakers seemed to signal a new entity will emerge from the White House 60-day cyber review. The White House is expected to release a roadmap from its review by Friday.

In an answer to a question from Rep. Jim Marshall (D-Ga.) about the cyber command's structure, Alexander says the Defense Information Systems Agency would not be rolled into the new command. Additionally, Alexander says the relationship with the Office of the Director for National Intelligence would be strengthened to have a real time view of cyber threats, vulnerabilities and attacks.

"The key part is to have NSA and the new command co-exist," he says. "We will put the pieces together at Ft. Meade and look at how you build the command to do cyber operations leveraging what NSA brings in cyber exploitation."

He also discussed the new command's relationship with the Homeland Security Department.

"We see [the command] as a foundation, a technical foundation, for DHS to lean on while DHS takes on its mission to operate and defend the rest of the .gov network," he says.

Lawmakers also asked about federal oversight of industry and how vendors protect their networks from cyber attack, especially those with government data.

Rep. Jeff Miller (R-Fla.) asks what DoD is doing to secure these networks.

Bob Lentz, DoD's deputy assistant secretary for Defense for Cyber, Identity and Information Assurance, says the goal is to have a partnership.

Lentz points to several ongoing initiatives DoD and industry are working on, such as one to share more information with the Defense Industrial Base, or the military's suppliers.

The pilot ensures secure information sharing of threats and vulnerabilities, incident reporting and damage assessments and acquisition changes. The Defense Cyber Crime Center is developing a secure electronic voice/data communication network under this DIB initiative to improve communication.

Lentz adds that DoD also is working with DHS to evaluate this approach and may be expand it to other parts of the government.

This issue of industry's role also came up during a hearing Tuesday of the House Oversight and Government Reform Subcommittee on Government Management, Organization and Procurement.

"The program has been successful by providing timely information to our partners, but also them providing us with information about incidents on their networks," Lentz says. "It is aggressively going after the controlled unclassified information that resides on our contractor systems. The pilot helps protect their networks at the same level we protect ours."

Alexander says the biggest challenge is sharing classified information. He says there has to be assurances from industry that when DoD provides secret information about threats, vulnerabilities or attacks, it remains secret.

Rep. Brian Billbray (R-Calif.), ranking member of the Oversight and Government Reform subcommittee, says the first line of defense to protect federal systems are the contractors.

Committee chairwoman Diane Watson (D-Calif.) says her subcommittee is developing legislation to deal with this and a several other issues, including clarifying roles and responsibilities for cyber across the government, and standardizing policies and laws.

"We lack a harmonized framework to coordinate governmentwide," Watson says. "We have too many cooks in the kitchen with OMB, DHS and DoD all having similar roles. Until we have standard policies, regulations and programs, our patch work of cybersecurity will have minimum affect to secure our infrastructure."

-----
On the Web:

FederalNewsRadio - Pentagon cyber command to create force for future

FederalNewsRadio - NIST, DoD move closer to a set of unified cyber guidelines

FederalNewsRadio - Beckstrom resignation reverberates on Hill

House Armed Services Committee - DoD cybersecurity hearing

House Oversight and Government Reform Committee - Cybersecurity hearing

(Copyright 2009 by FederalNewsRadio.com. All Rights Reserved.)