By U.S. Army Cyber CommandMarch 23, 2016
FORT BELVOIR, Va. -- "Protecting and defending Army networks and networked systems, including our platform systems, is vital for future Army readiness, mission command, and our ability to conduct joint Unified Land Operations," said Lt. Gen. Edward C. Cardon, commanding general of Army Cyber Command and Second Army, at the Association of the U.S. Army's Global Force Symposium in Huntsville, Ala., March 15.
Cardon said the cyber landscape is evolving. Its capacity to speed information flow and connectivity creates vulnerabilities at the same rate, but at the same time, cybersecurity focus has been on computing platforms and networks. The Army is realizing when we put computers on vehicles and platforms and connect them, we've simply created computers on wheels and tracks. These platforms have all the same vulnerabilities that exist with a computer network.
Shortly after becoming Chief of Staff of the Army, Gen. Mark Milley stressed that readiness for ground combat is - and will remain - the Army's number-one priority. Cardon told the AUSA audience that today ARCYBER embraces this priority by pursuing its mission of operationalizing cyber for the Army; defending networks, systems and platforms to provide mission assurance for the Army; and building cyber forces.
ARCYBER focuses on readiness and growing combat power for the Army, the general explained, by building defensible networks and improving standardization and modernization; adapting command and control and mission command; organizing, training, and equipping ready cyber forces; supporting deployed forces and Combat Training Centers training rotations; building the Army's future cyber structure; and enhancing mission assurance.
Information technologies have transformed society and the military, said Cardon, and that transformation is still ongoing and providing continual challenges. While the Internet of Things is creating huge advantages, it also creates huge vulnerabilities, he added, and experts in the cyber field suggested to him that the Army should be looking at where to invest to get the best cyber protection, and at developing platform assurance that provides better security not just for networks but also for more everyday things such as vehicles, fitness bracelets and refrigerators.
Cardon said the research community started addressing these types of vulnerabilities about five years ago, demonstrating the possibilities that malicious actors can use wireless technology to take control of vehicles and Global Positioning Systems. Those demonstrations underscore the need for developing ways to retain the benefits of technology while integrating safeguards such as isolating systems, minimizing systems that communicate wirelessly, and leveraging authentication and encryption.
Just looking at today's average car shows the magnitude of the challenge. Cardon said most cars now have more computer code in them than an Apollo space mission, with more than 100 electronic units controlling all aspects of the car and more than a million lines of code.
"We build sophisticated vehicles, but if we don't understand the vulnerabilities, then many of these efforts and capabilities will be significantly degraded," Cardon said.
The story is much the same for our weapons systems, he added. In a world where threats are increasing and cyber attacks are cheap and fast to develop and modify, it's more important than ever to make sure those weapons work. And that takes changing the way we think about networked systems.
"We can build the most sophisticated vehicles and weapons platforms, but if we don't understand the cyber vulnerabilities throughout the system, many of these efforts and capabilities could be significantly disrupted," Cardon said.
To think about and address these challenges, the general offered three frames to deliver mission assurance and resilience: an education frame, a processes frame and a culture frame.
The education frame is approached from an information assurance perspective and requires understanding offense and defense capabilities and informing all layers in the vehicle and platform acquisition process on the threat and avenues for cyber vulnerabilities. Doing that, Cardon said, depends heavily on Army's ongoing partnership with the private sector.
The process frame asks whether we are we properly organized, the general explained. He used the banking industry's Financial Services Information Sharing and Analysis Center, created in response to cyber attacks, as an example of how to integrate against a common threat.
Lastly, looking at the cyber culture is important when addressing problems of network vulnerabilities, Cardon said.
Normally it takes a catastrophe, such as an airline crash or terror attack, to spark major reorganizations or developments in a society or system, the general said. He called for action before that happens.
"We know what needs to be done. Why wait for something bad to happen? Let's act now," he said.
ABOUT US: United States Army Cyber Command and Second Army directs and conducts integrated electronic warfare, information and cyberspace operations as authorized, or directed, to ensure freedom of action in and through cyberspace and the information environment, and to deny the same to our adversaries.
Interested in becoming an Army cyber Soldier or civilian employee? Check out the career links at www.arcyber.army.mil