Cybersecurity Demands Culture Change, DoD Official Says
September 18, 2015
A change in culture is needed to protect against threats in the rapidly changing cyber domain, the Defense Department's chief information officer said here yesterday.
"What keeps me awake is 'Will we get the cyber culture right?'" said Terry Halvorsen, opening a daylong cybersecurity meeting of government and industry experts. At the 6th Annual Billington Cybersecurity Summit, Halvorsen highlighted three areas in cyber culture he said need to be addressed: discipline, economics and enterprise.
Cyber, the fifth domain in warfare, is different from other warfare areas because of the rapid speed at which things change, he said. With the evolving threats, the thinking on cybersecurity needs to evolve as well. "Culture is the hardest thing to change," he said. "That's why it keeps me awake at night."
The United States is dependent on cyber more than probably any other nation, certainly more than any other military in the world, he said. While that gives America some "really powerful advantages" in warfare and business, he said, it also makes it the "most vulnerable to cyber interdiction."
A threat, whether a criminal or a nation-state, can spend a "fairly small sum of money and cause us to spend quite a bit of money," Halvorsen said. "Right now, we are on the wrong side of that cyber-economic curve."
Better discipline, Halvorsen said, would raise the "cost of entry," thwarting some of the smaller players.
"Today almost anybody with a laptop, a little bit of sense and a little bit of money can go on the Internet, download some tools and cause a problem," he said.
There is a need for a culture and understanding that there are "rules of engagement " and "rules of the road that apply whether you are inside DoD or frankly if you are on your own [computer] system," he said.
"We are focused on building, generating, sustaining and ensuring we have a ready cyber force within the Department of Defense," said Air Force Lt. Gen. James "Kevin" McLaughlin, the deputy commander of U.S. Cyber Command.
In 2013, the command embarked upon a "four-year sprint" to bring 133 new cyber teams together across the military services, involving some 6,200 people, he said. The command is about half-way through in creating the teams, he added.
"In some cases, we're employing these units before they're even at initial operating capability when they have recognizable units that can function because the need for them is so dire," McLaughlin said. "We're aggressively putting capability in the fight."