Cyber isn’t all that special, says NSA chief

snagfilms-a.akamaihd.netnavy-adm-michael-rogers-5e2f5a4eaab1538133130396982d979df5af1ef6-1.jpg

For all the concern of cyber as a new domain and a new unique tool set, the nation’s chief cyber military officer is warning against putting cyber on a pedestal.

Cyber is an operational domain in which the military does a variety of missions and functions, many of which are traditional, said Adm. Michael Rogers, commander of U.S. Cyber Command and director of the National Security Agency, at the AFCEA West conference in San Diego on Feb. 23. He noted that the military executes reconnaissance and fire and maneuver activities in cyberspace much like the branches do in the physical world.

Don’t be intimated by the technical aspects of cyber, he told conference attendees. “Don’t make this thing so specialized, so unique, so different that it just gets pushed to the side. That will sub-optimize our ability to execute cyber operations, and quite frankly it will minimize or at least negatively impact, in my view, the operational outcomes, which is the whole reason we’re doing this in the first place,” he said.

Rogers asked how cyber can be framed in a way that brings a broader sense of recognition and makes it easier to integrate this into a broader set of operational activities, because if it doesn’t generate operational outcomes at the operational level, it is a waste of time and investment.

Rogers also noted that in the next five to 10 years, he wants to see offensive and defensive cyber integrated at the tactical edge. This is something the services are also looking at — moving away from cyber as a strategic, specialized asset and approaching it as something that can be implemented within maneuver elements in the field to generate effects.

In a way, offensive cyber tools are treated like nuclear weapons in the sense that their application outside the defined area of hostiles is controlled at the chief executive level and not delegated down, Rogers said.

In the next five to 10 years, he said he hopes his team can demonstrate and engender enough confidence in decision-makers and policymakers so they feel comfortable pushing this down to the tactical level.

The military and the government as a whole should be integrating cyber in the strike group and the amphibious expeditionary side, he said, adding that the two entities should view cyber as another tool kit to a commander seeking a desired outcome or end state.

What is stopping the military right now from pushing cyber down to the tactical level is not the classification, “the super-secret stuff,” Rogers said, which has little if anything to do with it, but rather it’s getting correct the authorities and rules of engagement to be able to employ it.

Offensive cyber tools

Another intellectual quandary Rogers has been grappling with involves cyber tools, specifically on the offensive side. The military typically turns to industry for conventional weaponry; but to date, almost all U.S. offensive cyber weapons have been internally developed, he said.

Rogers, who specifically said he spoke for himself rather than the government, questioned the sustainability of internal development and whether this route neglects access to private sector-made capabilities. “I’m still trying to work my way through that intellectually,” he said.

This is likely in part to the fact that many cyber tools must be specifically tailored to get after a specific exploit. Vice Adm. Michael Gilday, commander of Fleet Cyber Command/10th Fleet, noted during the same conference that potential tools brought forth from the private sector might need to be “tinkered” because the military could be interested in customization.