Cyber ‘beat cop’ needed to add context for SWAT teams

In cyberspace, understanding the terrain is a critical component for success. When it comes to mission or weapon systems, in the experience of one combatant command official, there needs to be a beat cop performing a daily patrol to provide context to the SWAT team when an incident happens.

“We’ve got a SWAT team, I’ve got a cyber protection team that I can put out there [to whom I could say]: ‘Hey, this looks really bad; get out there, hunt, tell me what you see, help us close these vulnerabilities.’ But they’re not as effective if they don’t have that beat cop, someone out there that says: ‘Hey, I know that hot dog cart over there at the corner is always there, but I don’t see the guy who’s pushing it, what happened there? Why is that black SUV over there,’” said Brig. Gen. Mark Weatherington, director of cyberspace operations for the North American Aerospace Defense Command and U.S. Northern Command.

The Air Force officer, speaking during a June 13 panel at the Defensive Cyber Operations Symposium in Baltimore, Maryland, noted that his team needs someone who knows that environment, routine and day-to-day interaction within that environment to help the cyber protection team, or CPT, understand what it’s seeing and the most effective response.

These systems include the Battle Control System-Fixed, which is the primary command and control node for doing airborne warning, or the Command and Control, Battle Management, and Communications, also known as C2BMC. “Things like that that are mission systems that maybe we had a harder time thinking about in terms of cybersecurity and defense from a network perspective but really are the critical elements of doing the business we do at NORAD/NORTHCOM. It’s not necessarily a network, but a mission system,” Weatherington said.

The head of U.S. Cyber Command, Adm. Michael Rogers, has — in several ways — equated the cyber force to special operations forces. Relevant to this example, he’s called cyber a high-demand, low-density asset.

“How do we treat any high-demand, low-density resource at the department?” he quipped in February. “We traditionally tend to centralize it, then prioritize its application on risk and operational priority. I would argue we have to do the same thing in cyber.”

This is where the “beat cop” would help CPTs that are tasked to a specific high-priority mission or event.

The CPTs and cyber defenders also need analytic tools. “The analytics piece is what we’re really looking for industry to bring to us,” Lt. Gen. Alan Lynn, the DISA director and the Joint Force Headquarters-Department of Defense Information Networks commander, told Fifth Domain following his opening keynote at the conference on June 13. “We’ve got so much data that’s hitting us all the time. To make sense of it — we have a lot of people working to make sense of it and to get machine-level learning on it is where we’re headed.”

JFHQ-DoDIN’s deputy commander, Maj. Gen. Robert Skinner, at the same panel described Lynn as the police commissioner within the beat cop/SWAT team analogy. “He’s the police commissioner from an operational standpoint, identifying what the priorities are,” Skinner said.