WASHINGTON — President-elect Biden’s defense secretary nominee showed support Tuesday for the ideas behind the Pentagon’s more proactive approach to cybersecurity dubbed “defend forward.”
Retired Army Gen. Lloyd Austin favors the DoD’s proactive actions against threats from China and Russia, which are conducting “malicious cyber campaigns to erode U.S. military advantages, threaten our infrastructure, and reduce our economic prosperity,” he wrote in responses to lawmakers’ policy questions ahead of his confirmation hearing.
The DoD’s 2018 cybersecurity strategy charges U.S. Cyber Command to defend forward in cyberspace by getting as close to adversaries as possible to see what they’re planning, so the department can take action or inform others to prepare.
The approach is a response to continued adversary activity in cyberspace under the threshold of armed conflict that undermined national security.
Three ways the department can defend forward include generating insights about adversary’s cyber operations and capabilities; enabling interagency, industry and international partners to create better defenses; and acting, when necessary, to disrupt adversary cyber actors and halt malicious activities, Austin wrote.
“Having an offensive capability that we’re able to use, I think, is really important. I applaud the efforts that have been made in the past,” Austin told senators during his hearing. “In these endeavors, speed matters.” Steps that help facilitate the operators’ work would be a good move, as long as they’re done “in the right way,” he added.
Austin plans to review recent changes to streamline cyber authorities that allow the department to respond to threats and conduct operations in a more timely manner, saying in his written questionnaire that he will adjust those authorities if needed.
He committed to conducting a top-down review of cyber operations, including the cyber structure.
Dual-hat or split?
Lawmakers asked Austin in his questionnaire about the dual-hat arrangement for the National Security Agency and Cyber Command, which have been co-located for a decade under a shared leader — currently Gen. Paul Nakasone. Deciding whether Cyber Command should stand on its own will require thorough analysis, Austin said.
At the time of Cyber Command’s creation, the arrangement made sense to help the command grow, relying on the personnel, expertise and infrastructure of the NSA.
The Trump administration, in its waning days, put forth a plan to separate the two, which lawmakers opposed without their consultation. However, The Washington Post reported that Acting Secretary of Defense Christopher Miller is unlikely to implement the plan.
Congress outlined in 2016 a series of metrics that Pentagon leaders had to meet to split the two, updating those in 2017.
“If confirmed, I would study this question closely to ensure that any decision concerning the dual-hat leadership arrangement between the director of the National Security Agency and the commander U.S Cyber Command is fully informed by thorough analysis and mitigates potential risks to national security and to the operational effectiveness of U.S. Cyber Command and the National Security Agency,” Austin said in his questionnaire. “If confirmed, I will work with Gen. Nakasone and the chairman to ensure U.S. Cyber Command has the resources it needs to ultimately meet these maturity requirements.”
Austin also noted in coordination with the chairman of the Joint Chiefs of Staff and the director of national intelligence the arrangement’s pros and cons, including the potential for seamless coordination with one director, but multiple chains of commands.
For her part, director of national intelligence nominee Avril Haines said she will work with DoD to review the status of the relationship and how a separation might affect operational risks and overall effectiveness for both offices, according to her policy questionnaire ahead of her confirmation hearing, also held Tuesday.
The last commander of Cyber Command and head of NSA has recommended that the Biden team examine the merits of a split based on conditions, as opposed to preconceived notions.
“As an incoming team, what I would suggest to them is: You need to look at this independently. You need to assess what’s the readiness and the capability of both organizations. What are the options here and is each organization ready to shift to a different structure without compromising its ability to execute its mission,” Michael Rogers told reporters during a January forum hosted by George Washington University. “Don’t go in with a preset the right answer is to do this or the right answer is to do that. You really need to roll up your sleeves and take a look at it today.”
Rogers also noted that the two will always be inextricably linked given the critical intelligence NSA provides.
“Cyber Command, for example, has no independent infrastructure. All of its infrastructure is resident within NSA facilities,” he said. “Unless you want to go out and spend hundreds of millions, if not billions [of dollars], to create unique infrastructure for Cyber Command. And I would argue we got higher priorities than that right now.”
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.