National Security Cyber Trends ALAMO ACE Presentation Lt Gen (ret) Kevin McLaughlin November 16, 2016
Context Operational Perspective USCYBERCOM directs an overall enterprise of 12,000 personnel and a half a billion dollars a year Job #1 - Defend DoD s entire cyberspace footprint Provide cyberspace options to warfighters Protect critical U.S. infrastructure from cyber-attacks of significant consequence
Context Organizational Perspective Align resources, capabilities, policy, and authorities to grow command capacity and capability Fielded and certified readiness of all 133 cyber mission force teams Created USCYBERCOM development and acquisition organization Fielded first Title 10 infrastructure, tools, and capabilities Created new and matured existing subordinate organizations executing joint ops Components, JFHQ DODIN, JTF ARES, etc Developed robust international coalitions
Context Policy and Authorities Perspective Articulated risks, created strategies, plans, and detailed recommendations to influence executive-level policy-makers Drove new organizations, new authorities, and new C2 arrangements JFHQ DODIN, Directive Authority, etc Created the operational concepts, organizational and C2 approaches, and Title 10 capabilities portfolio for CENTCOM combat operations Developed rationale, legal, and policy recommendations associated with providing USCYBERCOM acquisition authority Successfully argued for including cyber capabilities as part of a larger US approach to deterrence. Created rationale and policy underpinnings for the elevation of USCYBERCOM and potential dual-hat split Elevation approved by the President.
Capability, Capacity, & Operational Trends USCYBERCOM will mature the Military Cyber Operations Platform to drive joint capability development across DoD Enabled by Common Data Architectures/Big Data Analytics, with innovation at tactical edge and stability at the core Expand defense to critical infrastructure, platforms, and mission systems CYBERCOM will split from NSA and become an equal in terms of capability and capacity Cyber will be a key element of overall deterrence posture Military offensive operations will become much more active International norms will be set through practice and operations
Capability, Capacity, & Operational Trends (Cont) Conduct integrated operations across Offense, Defense, ISR Multi-domain joint operations Tackle the problem of Where Do we Put the Humans and What Functions Do They Play? Automation/Big Data Analytics Frees Humans for Essential Task Understanding Human Role Drives Training/Recruitment/Retention Get on the right side of the cost imposition curve Understand and Solve Complex Problems Wargames/Simulations that "Learn" Autonomous Network Ops - Adapt with Minimum Human Involvement
Organizational Trends Cyber Command Elevation: FY 17 NDAA drives authorities for employment + organizing, training, & equipping cyber forces. Develop strategy, doctrine, and tactics; Prepare and submit program and budget recommendations for joint cyber operations forces; Exercise authority, direction, and control over the expenditure of funds for all joint cyber capabilities; Train and certify assigned joint forces; Setting and validating requirements for cyber capabilities for DoD; Ensuring the interoperability of equipment and forces; Monitoring the promotion of cyber personnel and the assignment, retention, training, education, and pay of cyber operation forces.
Organizational Trends (cont) Bolstering Civilian Oversight of Cyber Command. Centralize OSD authority, direction, and control Will overcome Congressional restrictions to splitting the dual-hat Separate NSA and USCYBERCOM, but with unique partnership Other Government Agencies IC, DHS, DOJ, Trump EO Implementation
Seams Between Key Players Will Trend Closer Seams between USG entities DoD, IC, DOJ, and DHS Seams between US and Other Countries Closest allies and alliances Some not-so-close governments Seams between public and private sector entities that comprise national security sectors Increased government regulation and insight Increased data sharing New and innovative public/private partnerships New government structures Joint public and private security operations
2018 NDAA Conference Report Continues the Trend Directed SECDEF to conduct a Cyber Posture Review to clarify US policy and strategy with respect to cyber deterrence Strengthened US Cyber Command Authorities for Ops and C2 Facilitated exercises related to election systems cybersecurity Directed DoD to measure cyber security of ICS Directed SECDEF, in consultation with DIRNSA, submit a plan to establish a Strategic Cybersecurity Program Directed CYBERCOM evaluate alternative methods for developing, acquiring, and maintaining cyber capabilities Directed STRATCOM & CYBERCOM to assess NC2 cyber resiliency