WASHINGTON, January 21, 2016 — U.S. Cyber Command’s strategic priorities for 2016 include continued defense of DoD networks and systems, applying Cyber Mission Force capabilities more broadly and expanding international partnerships, Navy Adm. Mike Rogers said today.
The CYBERCOM commander and National Security Agency chief appeared here at the Atlantic Council, talking about priorities for the year ahead and taking questions from the audience.
Cyber and its challenges are not just relevant to the U.S. military or the United States, he said in his opening remarks. “It’s a challenge we're all going to have to deal with, and it’s getting harder — not easier.”
“As we start 2016 … I remind people that defense remains our No. 1 priority. We've got to ensure that our networks and systems within the Department of Defense are free from the presence of others, and that we can count on [the networks] while we're executing the broad mission across the DoD,” he said.
During the year, Rogers said he wants to move beyond a focus on network structure into systems and platforms, which have as much vulnerability in many ways as the traditional backbone network structure.
“That’s going to be a big issue for us,” Rogers said. It will involve working with the acquisition world and how the command buys systems, and how it creates systems from the ground up in which cybersecurity is a fundamental aspect of the design.
This wasn’t necessarily the case 10 years to 20 years ago, he added, when many of the DoD systems in use today were built and when cyber redundancy, resilience and defensibility were not core design characteristics.
“That is not unique to the Department of Defense,” Rogers said. “I see the same challenge every day in the corporate sector and in the rest of the government as we're trying to figure out … how to deal with that.”
The admiral sees 2016 as an inflection point for CYBERCOM, which has been in existence as an organization for just over five years.
In the first part of its life, the organization focused on generating capacity and capability in the form of the cyber mission force — 6,200 dedicated cyber high-end professionals organized into teams and aligned against three missions, Rogers said.
The missions, he added, are defending DoD networks, being prepared if CYBERCOM is directed to respond to incidents of significant cyber consequence in the private sector, and using the cyber mission force to generate a spectrum of capabilities, from defense to offense.
Today, Rogers said, that capacity and capability is starting to come online.
“The hard work of the last few years is starting to pay off in tangible capabilities that you will see us start to apply in a broader and broader way. That's a positive for the department, [and] I believe it's a positive for the nation,” he said.
After two years as CYBERCOM commander, Rogers said one of his takeaways is that cybersecurity is all about partnerships.
“There is no single group, there is no single nation, there is no single segment … there is no single entity that has all the answers,” he said. “This is a challenge that will require us to work together in collaborative and innovative ways."
The ability to bring capability together in a broad perspective will generate better outcomes, Rogers said, noting that he spends a lot of time focused on how to generate those better outcomes.
The admiral said another CYBERCOM focus area in 2016 will be international partnerships.
“Increasingly you will see us dealing with key allies and friends around the world about how to work together on this cyber journey,” the admiral said.
Most nations are investing in some form of cyber capability, from defensive to offensive, and many nations are creating Cyber Command-like structures, he said.
“Every nation has its own approach — they each have to do what makes sense for them — but one of our 2016 focus areas will be building on this power of partnerships … and how we can do it in a more international way,” Rogers said.
The international dynamic becomes critical as nations begin working on norms of behavior and deterrence, he said, “because we are not going to do a U.S.-only approach to addressing challenges in cyber. It is much broader than that. It is much more foundational to all of us.”
A final focus for CYBERCOM this year will be what Rogers calls the basic building blocks of cyber — a multifaceted concept known in the department as cyber hygiene.
“One of the things we're working on across the department is how [to] create a culture where cyber hygiene and cyber security is every bit as foundational to you as an individual as if the department issued you a weapon,” he said.
When someone in DoD is issued a weapon, the admiral said, “you make sure that it’s used appropriately, always protected, never used indiscriminately and only applied in a specific set of circumstances, and you have constant responsibility for the security of that weapon.”
Rogers added, “We need you to do the exact same thing in the cyber realm. … If we can deal with what I call basic hygiene — the basic building blocks — that probably takes away 80 percent of [defensive] challenges … and lets us focus on things that really matter.”
The problem of cyber building blocks is not unique to the DoD, he said.
“I see it in the government [and] in the private sector. We are all trying to deal with the same challenges,” the admiral said.
Navy Adm. Mike Rogers
Special Report: The DoD Cyber Strategy
National Security Agency