Improving situational awareness, creating trained cyber teams and building a more defensible architecture are top priorities for NSA and US Cyber Command (USCYBERCOM), according to Col. John Surdu, Military Deputy Chief, Combined Action Group (CAG).
Appearing on today’s Federal Executive Forum on Cybersecurity/Progress & Best Practices – “Defense & Homeland,” Col. Surdu outlined the top 5 priorities that both NSA and USCYBERCOM are pursuing to further advance the nation’s cyber defenses.
The 5 priorities are:
1. Improving situational awareness across networks
2. Creating trained and ready cyber teams
3. Building a more defensible architecture
4. Evolving authorities, roles and responsibilities for defending the nation
5. Constructing effective command and control processes and concepts for operating in cyberspace.
Col. Surdu leads the Combined Action Group, the only organization part of both the NSA and USCYBERCOM. His prior experience includes serving as the military deputy director of the Army’s Communications and Electronics Research, Development and Engineering Center.
He also served as the Army product manager for the One Semi-Automated Forces simulation system and worked as a research scientist at the Army Research Laboratory (ARL) where his research focused on unique uses for virtual reality technologies for command and control applications.
“NSA and Cyber Command are two different organizations, Col. Surdu explained. “They have different authorities, different missions, different strengths and different things they bring to the fight.”
What they share is a commander, Gen. Keith Alexander, so there is close collaboration between the groups. He has a set of 5 priorities that cut across both organizations.
The first priority is to improve situational awareness across the networks Col. Surdu said “because if you can’t see what’s on the networks, you can’t defend the networks.”
The second is to create trained and ready cyber teams and boost workforce development and cooperation among the services.
“Each of the services has a different set of training standards, priorities and certifications,” COL Surdu noted, “so we are pushing for uniform standards across all the services so Navy folks can operate on Army networks and help defend them.”
Third is to build a more defensible architecture. COL Surdu recounted that military networks were not built with cybersecurity designed in from the beginning, so they are pursuing active tactics, capabilities and strategies for an active cyber defense.
“Cyber is a team sport. It is also a contact sport,” he said. “Agencies and the private sector all bring something to the fight. We need to leverage everyone’s skills. As we move into the future you will see a more proactive cyber defense and processes to react quickly and in in an agile way.”
The fourth priority to continue to pursue, evolve and develop and improve the authorities to defend the nation. “We have a stated mission to defend the Defense Department, but Gen. Alexander believes that when called upon our job is to defend the nation.”
Fifth, Col. Surdu said is “to build the command and control processes and concepts for operating in cyberspace that will allow us to do things effectively.”
He further asserted that while some think security and civil liberties are a balancing act, he believes we can do don’t have to give up one to do the other, but we have to work things through.
“A more secure Internet means more privacy and safety for commerce. We can make cyberspace more secure without impinging on people’s rights and privacy.”
Other panelists included:
· Richard Hale: CISO, DOD
· Roberta G. Stempfley: Deputy Assistant Secretary of Cybersecurity, Dept. of Homeland Security
· COL. John Surdu: Military Deputy Chief, Combined Action Group, US Cyber Command & NSA
· Lee Holcomb: Vice President, Cyber Initiatives, Lockheed Martin Information Systems & Global Services
· Tom Conway: Director-Federal Business, McAfee Security
· Ray Patterson: VP, HP Enterprise Security
The panel was moderated by Jim Flyzik, President, The Flyzik Group. The Federal Executive Forum is produced monthly by The Trezza Media Group and is broadcast on Federal News Radio.