The afternoon’s second panel, “Consequences for the Military” was moderated by Brigadier General Stephen A. Cheney, USMC (Ret.), CEO of the American Security Project and included MG Garrett Yee, US Army Reserve, Cyber Security Directorate Military Deputy, LTC Scott Applegate, G3 Current Operations Chief, Defensive Cyberspace Operations, United States Army Cyber Command, and Ian Wallace, Senior Fellow, Co-Director Cyber Security Initiative, New America.
MG Yee began by insisting that the military understands the importance of cyber security, and that significant progress has been made in recent years. For example, cyber security was previously managed by IT, but today is managed through operations channels.
Whereas, maybe a couple of years ago it was that stuff that IT people did, today, it’s in the operational channels.
LTC Applegate elaborated further on this evolution, noting that the culture within the military has changed as well. This includes a change in Army cyber operations have been in the process of moving from S6 to S3 lanes (from the Signal Office to Operations).
Wallace struck somewhat of a different chord. He argued that while things are certainly better than they were 5-10 years ago, the transition is not yet complete. Cautioning that DOD should not own the whole problem, Wallace recommended that law enforcement and the private sector play a larger role in cyber defense. He then proceeded to outline a number of issues that he saw as unresolved.
The very admirable tendency to lean into problems may not necessarily be to the military’s or indeed the country’s advantage.
In reply, MG Yee noted that the military already asks if their cyber security efforts are deploying the right military/civilian mix. He also defended DOD’s obligation to not just defend itself, but to protect the nation and its infrastructure. LTC Applegate concurred that the task before them required coordination with the private sector.
General Cheney then asked if the panelists felt DOD was doing an adequate job of coordinating their response across the services and within the DOD. MG Yee and LTC Applegate felt the Department does meet these responsibilities. LTC Applegate went on to say it was very much a work in progress, but that the need to leverage expertise across services was well understood.
MG Yee pointed out that USCYBERCOM is not overly prescriptive as to how the various services prosecute their efforts. LTC Applegate elaborated, stating “what will work perfectly for the Navy will not necessarily work perfectly for the Army,” but that best practices can and should be shared across services.
Wallace then commented that he felt that the military needed to revise its joint doctrine and concepts to go beyond its traditional mission and make the most of the technology that is available. In making this point, he argued that the military has largely used cyber technology to achieve traditional ends.
General Cheney then asked if there was evidence of Chinese and Russian activity on the cyber front, and MG Yee responded by acknowledging that we are aware of China’s operational cyber units.
All told, the panelists agreed that the cyber threat is real, and that DOD should play in active role in facilitating coordination among its various branches, as well as with the private sector and law enforcement.
Further Reading Section