The Navy and Marine Corps must be prepared to handle cyber attacks like the recent attack embedded in routine software updates on thousands of government and business networks, said the nation’s top cybersecurity official.
“Continuing Navy-Marine Corps integration must account for the information environment, especially adversary intrusions, information operations and next-gen cryptography,” Army Gen. Paul Nakasone, head of U.S. Cyber Command, said Tuesday during the WEST 2021 defense conference. Cyber operations, cybersecurity and information operations are “increasingly important roles for the joint force,” including the growing capabilities coming from naval integration.
“The scope of what we need to defend and protect has dramatically expanded,” said Nakasone, who oversees the Fort Meade, Md.,-based headquarters organization of nearly 6,200 personnel, including 133 Cyber Mission Force teams, and a $610 million annual budget.
“The attack surface is much broader. Think about the need to protect the Navy and Marine Corps’ weapons systems,” Nakasone said. “That’s a related but distinct challenge compared to networks. For example, how do we think about software updates and patches for systems on ships that don’t return to port for months at a time?”
“How do we improve the security of weapons systems – and not just those that are already fielded, but how do we make cybersecurity a consideration at the earliest phases of the acquisition cycle?”
Moreover, the increase in integrated training and operations among the military services raises the potential costs and fallout from cyber attacks on systems and equipment.
“We must also protect the military data, which is rapidly becoming a core enabler of capabilities across the joint force,” Nakasone said, adding that “as the [Defense] Department expands how it brings together and uses data, so too we must develop new ways to keep it safe.”
The rate and scope of cyber threats continue to grow in type and scale.
“Sophistication of our competitors has increased,” said Nakasone, who also is director of the National Security Agency and chief of the Central Security Services. Just in the last five months, the nation has seen supply chain attacks from the hack of a SolarWinds software update, zero-day vulnerabilities – or when software does not have a current security fix for a known problem – and attacks of ransomware malware.
Preparing for the worst-case scenario in a crisis or conflict is a core mission of CYBERCOM and the NSA. Among its rare, publicly acknowledged successes is the agencies’ joint counter-terrorism operations and successful hack of the ISIS terror network by Joint Task Force Ares.
Countering cyber threats requires a “unity of effort” to work together and provide support across the joint force, said Nakasone, who previously led U.S. Army Cyber Command. It also requires greater recognition that the cyber world and physical world are intertwined.
“Events on the virtual battlefield can reflect and inform events on the physical battlefield,” he said. But “too often, we think of cyberspace as something that is separate and distinct from the physical fight.”
The counter-ISIS mission “graduated us to the security of our elections,” Nakasone said, referring to the work by CYBERCOM and the NSA on U.S. election security and foreign interference, beginning with the 2018 midterm elections. As director of the NSA, he oversees the agency’s two key missions of signals intelligence and cybersecurity.
As the nation’s top cyber chief, Nakasone created the “Russia Small Group” focused on potential threats, including hackers and foreign influence. The command’s “hunt forward” operations, as they were called, involved CYBERCOM teams embedded in countries “to better understand emerging cyber threats that we might not otherwise see from a U.S.-centric perspective,” he said. Those lessons learned “are shared widely with interagency and other partners to inform new defenses.”
The partnerships, he noted, “proved critical in election security to thwart interference.” For the 2020 elections, he said, the Election Security Group created a “Cyber 9-line” reporting tool for National Guard cyber teams to use for suspected threats when they deployed to assist states’ efforts.
Cyber threats from Russia and China, Nakasone said, are “not one-off events.” He noted Defense Secretary Lloyd Austin’s vision and the continuing threats from Russia and China of “persistent, malicious cyber campaigns” against the United States.
“That’s going to require a shift – a shift in our posture, a shift in our thought processes, to return to a focus on these kinds of near-peer threats,” he said. “We have to respond to this across a full spectrum of activities and situations, that is, across cyber defense and offense, information operations and in competition, in crisis or, if necessary, in conflict. The more we can synchronize those activities, the more powerful we’ll be as a military and as a nation.”
“Our adversaries are not static. They continue to morph in their tradecraft and in their techniques,” he added in response to a question about trends and lessons learned about the threats to elections security. “We’ve got to be able to operate with speed… and with agility and… with a unity of effort.”
More integration across the services – “even across communities within the services” – and non-traditional interagency and industry partners are necessary, he said. In 2018, CYBERCOM partnered with a Maryland nonprofit organization to establish DreamPort, an unclassified cyber innovation, collaboration and prototyping facility in Columbia, Md.
The military also must “tend to our own vulnerabilities,” Nakasone said, and must look to improve cybersecurity, counter-information operations and bolster encryption. The latter should be looked at as “the last line of defense, to protect not just our networks, but our data and our weapons systems as well.”
Cybersecurity, he added, “really is national security.”