Cyber Command has appropriate authorities but lacks agility, says official
Cyber Command, in collaboration with the National Security Agency, has the authorities it needs to protect Defense Department networks and effectively share information with the Homeland Security Department and FBI to defend non-military entities, said Rear Adm. Samuel Cox, director of intelligence at Cyber Command.
Work is also underway to prepare the command should the government ever invoke non-peacetime authorities. "It's not like we'll be in a last-minute scramble," said Cox during a Sept. 27 panel discussion hosted by the Atlantic Council in Washington, D.C.
Still, agility is a challenge for Cyber Command, he said.
"In situations where you have a sudden crisis in a country that wasn't very high on the national intelligence priority and all of a sudden you want to do a bunch of cyber stuff in that country, you find that if you haven't done a whole heck of a lot of lead work, grunt work to be ready for it, you just can't do it," said Cox.
"You have to be ahead of the problem because you can't just gin up cyber things over night if you're going to be precise and, in accord with the law of armed conflict, follow the rules," he added.
With the formation of Cyber Command, DoD is working to bring together intelligence gatherers, or "exploiters," and attackers so they are in constant communication, said Cox. The command's attackers are a very small group who are "just itching to demonstrate what this can do," he said. On the other hand, exploiting a network requires a huge investment in time and intelligence resources to gain access to the network.
These two groups have historically worked at a top secret and higher level with little interaction--sometimes putting the two groups at odds.
"The exploiters are not particularly happy when the attackers go 'Thank you for getting this access, we'd like to throw a cyber grenade in there, which--oh by the way--shuts off the intelligence that might be coming from that source," he said.
Cox said the command is making headway in bringing these two disciplines together under one roof, which is important because they rely so heavily on one another.
"You penetrate as early as you can into the enemy's research and development and training phases to figure out what they're going to do before they do it," said Cox. "Then once you have that you're able to develop your countermeasures."
- go to the event page (includes archived audio, archived video and event information)