MARLBOROUGH, Mass., 22 June 2008.Information warfare and security attacks on U.S. and allied computers and information technology networks are a serious and growing threat, and American civil and military authorities must find a better way to work together -- with each other and with allies internationally -- to counter this threat of cyberwarfare, says a top U.S. military leader.
The U.S. Department of Defense (DOD) faces serious challenges to integrate its information warfare defence efforts with those of other U.S. government agencies, as well as with allies overseas, says Marine Corps Gen. James E. Cartwright, vice chairman of the U.S. Joint Chiefs of Staff.
Cartwright made his comments last week in an address to attendees of the Air Force Cyberspace Symposium in Marlborough, Mass.
Although U.S. government agencies are conducting experiments to find the most effective ways to work together, "We need a common awareness of what's happening in the United States in order to understand the threats that we're going to face," Cartwright told attendees. "As we extend offshore, we have to tell the guys onshore what's coming. [We] have to figure out how to do real-time integrated activities."
The DOD is responsible for information warfare overseas and at military bases inside the U.S. The U.S. Department of Homeland Security (DHS), meanwhile, takes charge of cyber warfare within the U.S. At the same time, the U.S. Department of Justice has some cyberwarfare authority inside the U.S. and overseas.
These organizations have to work together because information warfare attacks happen quickly. When they happen, organizations have only microseconds and minutes to decide how to respond, and with which agency resources.
Another challenge the United States faces is with allies. The general said different countries have different policies on responding to a cyber attack.
"The United States has a way of handling that: basically, keep it as quiet as possible until we can figure out how to fix it, then we fix it," he said. "Many of our closest allies do it just the opposite. They announce it publicly right away and then work on a solution. If we don't come to some common way of handling this on an international basis, we will be stepping on each other just by doing what our laws tell us to do."
Crafting an effective defense against cyber warfare attacks requires that U.S. military services and civil agencies collaborate on a common plan to counter information warfare attacks.
"We don't fight as services; we fight as joint, interagency, combined task forces," Cartwright said. If each service develops its own unique strategy, he said, it will hurt the United States because "consolidating will cut off innovation."
Cyber organizations must be integrated into an air operations center, just like a bomber or fighter unit, and this must accomplished sooner, rather than later, Cartwright told attendees. "We build an application the same way we build an aircraft carrier and about as fast," Cartwright said. "We have to figure out a way to change that."
He said the problem is based upon a "Napoleonic command and control" structure that makes the cyber organizations fight over who's in charge. "The technology is not what paces us; it is the culture," he said. The military has to figure out the appropriate skills, schools and rank structure to build an effective cyberwarfare force, he said.