Cyber Extremely Important for US Navy

Authorities

Cyber Extremely Important for US Navy

For the U.S. Navy, cyber has an inherently military operational aspect, and the service is shaping its dedicated workforce to be 80 percent uniformed and only 20 percent civilian employees and contractors, the Navy’s top cyber officer said in a recent interview.

Navy Vice Adm. Michael S. Rogers, commander of U.S. Fleet Cyber Command and U.S. 10th Fleet, spoke with American Forces Press Service about the foundational importance of the cyber domain to the Navy, the joint force and U.S. Cyber Command.

 “There’s a reason why, for example, if you go on that air wing on that carrier, you don’t see civilians flying those aircraft,” Rogers said. “If you go on board that ship or submarine, go down to where those weapons systems are and where those radars and tools [are] that give you situational awareness of what’s going on. You don’t see civilians manning those.”

Rogers said the joint model most services are working toward is 80/20, and the Navy probably is at 77 percent today with its dedicated cyber workforce of about 5,000, plus contractors.

 “Like the other services, we’ve had our workforce engaged in cyber for a long time,” the admiral noted.

Navy officials concluded seven or eight years ago that cyber was of such foundational importance to the service’s future that they created a dedicated workforce to do cyber, particularly on the high-end side, Rogers said. He defined the high end as “implying in-depth understanding of network structures and the ability to operate in relatively complex networks.”

At the same time, he added, it was becoming clear that the Navy’s traditional electronic warfare mission and cyber were increasingly converging.

Chief of Naval Operations Adm. Jonathan W. Greenert made that point in an April 3 op-ed article in the Breaking Defense online magazine.

“With wireless routers or satellites part of almost every computer network,” he wrote, “cyberspace and the [electromagnetic] spectrum now form one continuous environment.”

“We’ve been thinking about this for a long time,” Rogers told American Forces Press Service, “and it’s nice to see that it’s playing out in some ways as we thought it would.”

Fiscal year 2013 is the first year the services are contributing to Cybercom’s national and cyber combat mission forces and its Cyber Protection Force, Rogers said, and the Navy is bringing on more capability than any other service.

 “In 2010 and 2011, we bought as a service almost 800 billets that we dedicated to cyber,” the admiral said. “We said, ‘We realize the workforce hasn’t been fully defined, but we think this is enough. We see the trends. We think we need to make the investments now.’”

This year, Navy cyber will bring 800 cyber service members online to form a series of dedicated teams for Cybercom, Rogers added, and in the subsequent three years, the Navy cyber organization will bring on nearly 1,000 more.

The cyber workforce represents a range of capabilities and specialties, Rogers said.

 “Our view is that you need to bring together three or four core ratings to work the cyber piece,” he explained, “some of them in areas you don’t necessarily directly associate with cyber — things like language. As we got into this, we came to the conclusion that we needed the ability to work in multiple languages if we’re going to work cyber from a global perspective.”

Intelligence, information technology and cryptologic technician-networks ratings also are considered core cyber capabilities, he added.

Most of the service cyber commanders have said there are similarities and differences in the way each service approaches its cyber mission, and Rogers said each service adopted its own structures and organizational construct.

 “So we’re all organized a little differently,” he said.

“In the case of the Navy, we replicated the joint model in many ways,” Rogers said. “Just as Army Gen. Keith Alexander is both the commander of the U.S. Cyber Command with Title 10 [armed forces] authorities, as well as director of the National Security Agency with Title 50 [national security and intelligence] authorities, I am commander of Fleet Cybercom and have operational control over the majority of forces and capabilities within my service that operate and defend the networks, as well as the service’s offensive capabilities.”

Rogers said he also wears a Title 50 hat as the Navy’s cryptologic commander, so the Navy’s signals intelligence, or SIGINT, resources also are under his operational control.

SIGINT is intelligence gathered from electronic signals and systems — such as communications systems, radars and weapons systems — used by foreign targets.

 “The reason we went this way was we believed the SIGINT capability — the ability to see the cyber battle space as well as to gain insights into opponents’ use of cyber — was a real plus in the cyber world,” the admiral said.

“It’s the same thing that led the joint world to … align the traditional service operational command, U.S. Cyber Command, with the SIGINT situational awareness and knowledge of the battle space of NSA,” he added. “We liked that model. We came to the same conclusions.”

Another difference in the Navy’s approach, the admiral said, “is we believe that if you’re going to successfully defend your networks then you can’t separate operation of the networks from the defensive side — you can’t treat them as totally separate, unrelated activities.”

The Navy is the only service, he added, that has decided one entity should operate the networks and defend them, as well as control the offensive cyber capabilities.

 “I think that gives us great agility. … It enables us to make very smart, very fast tradeoffs,” the admiral said. “It’s a real source of strength. … We operate them, we maintain them, we structure them, we control them.”

One of the things that makes cyber different from the land, sea, air and space domains, Rogers said, is that it’s the one in which every member of the organization is an operator.

 “If we’ve given you access to a keyboard, you’re operating in our domain,” he added. “You can’t really say that about the air or the maritime or the subsurface. Elements of our force are operating in those domains — don’t get me wrong — but not everybody is an operator all the time.”

This reality, the admiral said, “represents to us [not only] an opportunity to gain advantage, but also a potential opportunity for vulnerability for others to exploit, whether it’s intentional or unintentional.”

Adapting to this challenge and succeeding in the cyber domain means changing the mindset of everyone in the Navy who uses a keyboard, Rogers said.

 “We have to think much more broadly about this,” he added. “If you think Vice Admiral Rogers and 5,000 highly motivated individuals are all it’s going to take to achieve success and operate in an agile and effective manner in this domain, you don’t get it. It’s bigger than that.”

It doesn’t matter, he said, “whether you’re sitting on shore duty in the middle of the United States or you are out on the USS Eisenhower in the Strait of Hormuz. You’re an operator in this domain.”

[mappress]
Press Release, June 13, 2013; Image: US DoD