18 February 2017

Officials: Getting authority for cyber ops is tedious, but in a good way


by Mark Pomerleau

Cyber authorities, which have been a much belabored process, are beginning to transition more from the highest levels of government – which initially viewed them as a strategic asset – to the operational level.

Originally, the thinking on cyber operations was everything had to be controlled by the president because operations in cyberspace were all thought to shut down the internet, Brig. Gen. J.P. McGee, deputy commanding general for operations at Army Cyber Command told reporters Feb. 8 during a media roundtable.

As Cyber Command is currently engaged in cyberwarfare against the Islamic State group, Brig. Gen. Patricia Frost, director of Army Cyber Directorate at the Pentagon, told reporters authorities in this effort have changed over time as the president – both Obama and Trump in a continuation of the previous policy – has delegated authority for the counter-ISIS operations down.

When looking at how Cyber Command is executing operations today, deconfliction from the team presenting a concept of operation for an effect comes from any of the joint force headquarters goes up to Cyber Command, Frost said, adding that this has been a learning process and refined over the last decade-plus.

The main hacking effort against ISIS, dubbed Joint Task Force-Ares, aims to disrupt ISIS command and control, communication and financing. This effort is delivering effects against ISIS in northern Iraq and Syria, McGee said.

The recent elevation of Cyber Command from a sub-unified combatant commander under Strategic Command to a fully unified command is viewed by some as a reduction in the importance of cyber. It signifies a normalization of cyber, much like airplanes or tanks, and not a strategic resource, Paul Rosenzweig, former assistant secretary for policy at the Department of Homeland Security said.

With JTF-Ares, and the counter-ISIS effort more broadly, Col. Robert “Chipper” Cole, director of Air Force Cyber (forward) has said both Cyber Command and Central Command have a say on potential targets. There’s a CENTCOM targeting board, a JTF-Ares targeting board and the cyber personnel have to link that up with the CENTCOM, Cole said.

If something didn’t occur or if they weren’t able to get approval, Cyber Command has gone back to reexamine what in the process prevented Cyber Command from getting the approval they needed, Frost continued.

Anyone working that process within Cyber Command and the service component commands would say the process is pretty tedious, Frost said, but tedious in a positive way because cyber is a new domain. The military has established governance processes and they’re working on whether that system and process is sufficiently timely and efficient to deliver the capability and effect.

The process is currently working, she assured.

No comments: