The Department of Defense will undergo a continued reorganization of its cyber posts as it aims to better protect against broadening attacks to the domain, according to Defense Secretary Jim Mattis.
Following the release of an unclassified summary of the Pentagon’s new classified National Defense Strategy (Defense Daily, Jan. 19), Mattis discussed DoD’s effort to address its lack of direction on how to handle cyber threats outside of military operations, during a speech at the Johns Hopkins School of Advanced International Studies in Washington, D.C., last Friday.
“In cyber, what we are going to do is reorganize. You’re going to see reorganization of the fundamental organizations, the U.S. Cyber Command the National Security Agency. They will be organized along different lines,” Mattis said.
The defense secretary wants to see U.S. Cyber Command posts better resourced, including installing more training and recruiting programs and defining new mission statements.
Cyber Command was elevated from a sub-unified combatant command under U.S. Strategic Command to a separate unified combatant command in August 2017, in an effort to improve responses to cyber security threats across the armed services (Defense Daily, Aug. 18). Mattis did not specify in his Friday speech how other elements of DoD would be reorganized to improve cyber posture.
DoD’s new NDS does not mention a planned cyber reorganization but emphasizes that budgets for fiscal years 2019 to 2023 will focus on accelerating modernization, including investments in cyber defense, resilience and integration of full spectrum cyber capabilities.
“America is a target, whether from terrorists seeking to attack our citizens; malicious cyber activity against personal, commercial, or government infrastructure; or political and information subversion,” write DoD officials in the unclassified NDS summary. “Investments will also prioritize capabilities to gain and exploit information, deny competitors those same advantages, and enable us to provide attribution while defending against and holding accountable state or non-state actors during cyberattacks.”
In response to a question Friday on how the NDS will strengthen U.S. cyber security, Mattis reiterated that DoD still has to resolve its role in protecting the domain outside of military operations.
“This is a Wild West right now, as you know. People in their bedrooms can be doing things that are causing dramatic, dire problems at this point,” said Mattis. “What do we do? Do we decide we’ll put up a domain and if somebody wants to, they can go inside it and we’ll have a military force trying to protect that domain…and if you put your account and your bank account in there, you get protection. So where are we going to go with this?”
Reorganization discussions will have to include the level of military involvement in securing critical infrastructure and civilian functions, according to Mattis.
“It’s a very complex issue. For right now, I’m focused mostly on just making certain that our military can fight and supporting FBI and others when we spot a problem coming in from overseas. But there’s a lot more to be done…and I have not got that defined yet,” Mattis said.